4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability

Ce sujet est résolu. Voici une description du problème et de la solution.

Problem:
The notice displays only in the Plesk control panel and describes the issue as a “Cross-Site Request Forgery (CSRF) vulnerability”.

Solution:
Please update to WPML 4.5.14 to solve that minor security issue.

Relevant Documentation:
https://wpml.org/changelog/2022/11/wpml-4-5-14-security-improvements/

Il s'agit du forum d'assistance technique de WPML, le plug-in multilingue pour WordPress.

Il est accessible à tous, toutefois seuls les clients de WPML peuvent y publier leurs messages. L'équipe du WPML répond sur le forum 6 jours par semaine, 22 heures par jour.

Aucun de nos assistants n'est disponible aujourd'hui sur le forum French. Veuillez créer un ticket, et nous nous le traiterons dès notre prochaine connexion. Merci de votre compréhension.

Marqué : Known issue

Ce sujet contient 5 réponses, a 2 voix.

Dernière mise à jour par Nicolas Viallet Il y a 1 an et 5 mois.

Assisté par: Nicolas Viallet.

Auteur	Articles
Novembre 10, 2022 à 4:33 pm #12432675
Nicolas Junod	Shield Security is reporting : WordPress WPML Multilingual CMS premium plugin <= 4.5.13 - Cross-Site Request Forgery (CSRF) vulnerability Vulnerability Type: Cross Site Request Forgery (CSRF) Version Fixed In: No Fix Link : lien caché Or : lien caché
Novembre 10, 2022 à 4:42 pm #12432727
Nicolas Viallet Supporter Les langues: Anglais (English ) Français (Français ) Fuseau horaire: America/Lima (GMT-05:00)	Hello, Welcome to the WPML support forum. My name is Nicolas and I will be happy to help you today. Thank you for reporting this. We are aware of this issue and we just released WPML 4.5.14 BETA today. Here is the full announcement: https://wpml.org/changelog/2022/11/wpml-4-5-14-security-improvements/ Here is the issue report: https://wpml.org/errata/wpml-4-5-13-cross-site-request-forgery-csrf-vulnerability/ Please note that the production release will be available beginning of next week and Beta versions should always be tested on development sites first. Nico
Novembre 10, 2022 à 5:04 pm #12433061
Nicolas Junod	My issue will be resolved with the forthcoming update 4.5.14. Thank you!
Novembre 15, 2022 à 2:34 pm #12464417
Nicolas Viallet Supporter Les langues: Anglais (English ) Français (Français ) Fuseau horaire: America/Lima (GMT-05:00)	Hi, Quick message to let you know that WPML 4.5.14 is available: https://wpml.org/download/wpml-multilingual-cms/?section=changelog Ref: https://wpml.org/errata/wpml-4-5-13-cross-site-request-forgery-csrf-vulnerability/ Thanks, Nico
Novembre 15, 2022 à 2:59 pm #12464637
Nicolas Junod	Thanks for the follow up, much appreciated ! Best regards, N. Junod
Novembre 15, 2022 à 3:14 pm #12464859
Nicolas Viallet Supporter Les langues: Anglais (English ) Français (Français ) Fuseau horaire: America/Lima (GMT-05:00)	Hi, You're welcome! I'll close that ticket now. Please feel free to contact us anytime you have questions, we will be happy to help. Have a good day ahead, Bye 🙂

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.