Access to this page is restricted to users who have either “Subscriber” or “Admin” roles. Broken access control in WPML Multilingual CMS premium plugin results in a high risk due to a high number of users who have access to this plugin. This plugin is installed on over 900,000 websites. In order to exploit this vulnerability, an attacker needs to gain access to WPML Multilingual CMS premium plugin administrator’s dashboard.

Steps to exploit this vulnerability on WordPress social media publishing plugin:

1. Install WPML Multilingual CMS premium plugin on WordPress website
2. Login to WPML Multilingual CMS premium plugin and go to settings page
3. Change selected language for legacy widgets
4. Click “Save Changes” button
5. Profit!

WordPress social media publishing plugin version 4.5.10 is affected by this vulnerability.

Fix | How to upgrade WPML Multilingual CMS plugin

WPML Multilingual CMS premium plugin version 4.5.11 has been released to fix this issue. In order to update WPML Multilingual CMS plugin, follow these steps:

1. Navigate to “Plugins” menu on WordPress website
2. Click “Activate” link next to WPML Multilingual CMS plugin
3. Click “Update Now” button
4. Profit!

WordPress website affected by this vulnerability

The following websites are affected by this vulnerability:
- www.example.com
- www.example2.com
- www.example3.com

WordPress website software information

The WordPress website software information is restricted to users who have either “Subscriber” or “Admin” roles.

Finding WordPress websites with WPML installed

WordPress websites with WPML installed are easy to find, as they have a red icon in the right corner of their name. For example, visiting “https://www.wordpress-socialmedia-publishing-plugin.com/” will reveal that the website is using WPML Multilingual CMS premium plugin, since it has a red icon in its name.

References: https://wpmlcms.com/

http://wordpress.org/plugins/WPML-Premium-CMS/

Finding WordPress social media publishing plugin root directory

Finding the root directory of WordPress social media publishing plugin is important to exploit this vulnerability on it. The root directory of WordPress social media publishing plugin is located in the following directory:
wp-content/plugins/socialmediaspublishingplugin
The default login credentials for WordPress social media publishing plugin are admin and password. If you are trying to exploit this vulnerability on your own website, you will need to find a way to get access to the administrator dashboard of WPML Multimedia CMS premium plugin. To do so, follow these steps:

1. Install WPML Multilingual CMS premium plugin on your website
2. Login to WPML Multilingual CMS premium plugin and go to settings page
3. Change selected language for legacy widgets
4. Click “Save Changes” button
5. Profit!

Timeline

Published on: 11/17/2022 22:15:00 UTC
Last modified on: 11/21/2022 19:45:00 UTC

References