Today, we released WPML 4.5.11, an important security update for a recently discovered issue.
Recently, we were notified of an issue that allows unauthorized access to some WPML internal calls. It’s important to note that this vulnerability is only accessible to registered site users, not just any site visitor. However, we always recommend updating to the latest version of WPML and keeping your site’s theme and plugins up to date to keep your site secure.
This update also includes a fix for an issue that could lead to a fatal error when WPML Media Translation is enabled and you are saving posts with big amounts of anchor HTML tags.
How to Update to WPML 4.5.11
This release is immediately available to all clients with active WPML accounts. To update to the latest version, go to Plugins → Add New and click the Commercial tab. If you don’t see the updates available yet, click Check for Updates.
Checking for the WPML 4.5.11 update
You can also download this update from the Downloads page in your WPML account.
Questions or Comments?
Let us know in the comment section below, and we’ll reply.
10 Responses to “WPML 4.5.11 – Security Patch Update”
I have just tried to make this update, unfortunately it is not yet available.
Hi Arben – If you’re trying to download from the Plugins page in your site admin, you may need to click the button that says “Check for Updates” for it to show up. It’s also available in your WPML account on the Downloads page.
Can this be more detailed. I don’t understand what it means “access to some WPML internal calls”.
Thank you
Hi Laurent – Since not all users will be updating to the latest version right away, we don’t want to reveal too many details for security purposes. The issue makes it possible for registered site users to do things like change some WPML settings or cancel translation jobs. You can rest assured that this access is limited to registered users of your site, and it requires advanced knowledge of how WPML works in order to abuse it.
Hola, no nos aparece el parche de seguridad
Hola: asegúrese de hacer clic en “Buscar actualizaciones” u obtener la actualización de su página de descargas.
I know I can download it from my WPML account.
But.
The update is not available in WordPress, not under updates, not under Commercial Tab after checking for updates. You should check that.
Hi there – I’m sorry to hear you’re having trouble getting the update. If you’ve already clicked “Check for Updates” in the Commercial tab, and you’re still not seeing it available for download, please open a support ticket so our team can look into this further.
When I go to PlugIns Add new, my page do not look like your example and I cannot find a commercial tab under “more” either. What to do? This is what I see: a menu of
Discover
Search Engine Optimization
Ecommerce & Business
Booking & Scheduling
Events Calendar
Social
Email
More
Hi Mona – If your site is through WordPress.com (instead of .org) or you’re using a WPML version before 4.4, you’ll need to update manually. You can read more here: https://wpml.org/faq/updating-wpml-manually/
I have just tried to make this update, unfortunately it is not yet available.
Hi Arben – If you’re trying to download from the Plugins page in your site admin, you may need to click the button that says “Check for Updates” for it to show up. It’s also available in your WPML account on the Downloads page.
Can this be more detailed. I don’t understand what it means “access to some WPML internal calls”.
Thank you
Hi Laurent – Since not all users will be updating to the latest version right away, we don’t want to reveal too many details for security purposes. The issue makes it possible for registered site users to do things like change some WPML settings or cancel translation jobs. You can rest assured that this access is limited to registered users of your site, and it requires advanced knowledge of how WPML works in order to abuse it.
Hola, no nos aparece el parche de seguridad
Hola: asegúrese de hacer clic en “Buscar actualizaciones” u obtener la actualización de su página de descargas.
I know I can download it from my WPML account.
But.
The update is not available in WordPress, not under updates, not under Commercial Tab after checking for updates. You should check that.
Hi there – I’m sorry to hear you’re having trouble getting the update. If you’ve already clicked “Check for Updates” in the Commercial tab, and you’re still not seeing it available for download, please open a support ticket so our team can look into this further.
When I go to PlugIns Add new, my page do not look like your example and I cannot find a commercial tab under “more” either. What to do? This is what I see: a menu of
Discover
Search Engine Optimization
Ecommerce & Business
Booking & Scheduling
Events Calendar
Social
Email
More
Hi Mona – If your site is through WordPress.com (instead of .org) or you’re using a WPML version before 4.4, you’ll need to update manually. You can read more here: https://wpml.org/faq/updating-wpml-manually/