WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386...

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	-	9:00 – 18:00	9:00 – 18:00	9:00 – 18:00	9:00 – 18:00	9:00 – 18:00
-	-	-	-	-	-	-

Supporter timezone: America/Lima (GMT-05:00)

This topic contains 0 reply, has 1 voice.

Assisted by: Andreas W..

Author	Posts
March 6, 2025 at 7:40 pm #16785199
guyd-11	Background of the issue: We have completed the full website using WPML and translated it into 3 different languages. Recently, we noticed that our website redirects to a porn website in different browsers. After contacting hosting support and analyzing the database, we found that WPML injected a virus. We uninstalled the plugin from our site. We are using the premium version of WPML. Symptoms: Website redirects to a porn website in different browsers. Questions: Why did this happen to our website? What are the issues with the WPML plugin?
March 7, 2025 at 2:23 am #16785908
Andreas W. WPML Supporter since 12/2018 Languages: English (English ) Spanish (Español ) German (Deutsch ) Timezone: America/Lima (GMT-05:00)	Hello, Does this mean that since you deactivated WPML this issue did no longer occur? Could you please delete our plugins, then install the latest versions to run the site with fresh installs and let me know if the issue occurs again? Best regards Andreas

The topic ‘[Closed] WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386…’ is closed to new replies.