I received this email below from WPEgine my host. Is there a timeline for a patch?
Hello,
At WP Engine we take the security of your sites very seriously, and make every effort to keep our customers aware of any potential security risks. We are reaching out to you today because we identified your site(s), stephanieh57, is (are) utilizing a vulnerable version of the WPML String Translation plugin.
At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability.
WP Engine summary of the vulnerability: The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site.
Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine: hidden link
We encourage you to assess the risk of continuing to use this plugin until a patch is released.
Please make sure to run a backup of your database before making any changes. You can learn how to do this in this article: hidden link .
Would you like to avoid doing these updates manually in the future? Add the Smart Plugin Manager to your plan today!
Finally, feel free to reach out to our Support team at any time if you have any questions!
