We just released WPML 4.7.3 with a security patch. The identified issue poses a low risk for most websites, but we strongly recommend upgrading your sites.
For security reasons, we can’t share the details of this fix, but it addresses a vulnerability that could expose sensitive information via shortcode injection.
How to Update
We released this version to all sites, and it should already be available.
To update, log into your site's admin, go to the Plugins page, and click to update the WPML Multilingual CMS (core) plugin.
It can take up to 24 hours for an update to reach all sites. If you don't see this update on your site, please check again a bit later.
How to Report Security Issues
Security is always our top priority, and we have a dedicated page for reporting such issues.
If you find a security issue in any WPML plugin, please report it through our security and vulnerability page.
Coming Next: WPML 4.7.4 with WordPress 6.8 Compatibility
WordPress 6.8 is scheduled for release on April 15th. We're planning to release WPML 4.7.4 just before that.
As always, we're making sure WPML 4.7.4 is fully compatible with the new version of WordPress.