The Plugin "WPML Multilingual CMS" has a security vulnerability

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

This topic contains 2 replies, has 3 voices.

Assisted by: Mihai Apetrei.

Author	Posts
November 11, 2022 at 5:27 pm #12441339
davidG-36	Hello, Wordfence Security says, that The Plugin "WPML Multilingual CMS" has a security vulnerability. Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove "WPML Multilingual CMS" until a patched version is available. My WP versions 6.1 WPML Multilingual CMS 4.5.13 WPML String Translation 3.2.3 What to do?
November 11, 2022 at 7:48 pm #12441807
Mihai Apetrei Supporter Languages: English (English ) Timezone: Europe/Bucharest (GMT+03:00)	Hi there. We are aware of this error message and are currently working on a solution. For the moment, we have a workaround and we also posted an announcement about this issue. Please check our errata here: https://wpml.org/errata/wpml-4-5-13-cross-site-request-forgery-csrf-vulnerability/ Kind regards, Mihai Apetrei
November 14, 2022 at 12:58 pm #12454177
Viktoria Pozsgai	Hi, Updated but the security plugin still flags it vulnerable for the 4.5.14. Please let us know when it is fixed as soon as possible, thank you.

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.