Skip Navigation

This thread is resolved. Here is a description of the problem and solution.

Problem:
If you're experiencing issues with WPML creating a potential attack vector for MITM attacks by disabling SSL verification on sandbox installs, this is relevant to you.
Solution:
We recommend updating to WPML version 4.6.11 or later, as well as updating the String Translation. This update addresses and resolves the SSL verification issue in sandbox environments.

Please note that this solution might be irrelevant if it's outdated or not applicable to your case. We highly recommend checking related known issues at https://wpml.org/known-issues/, verifying the version of the permanent fix, and confirming that you have installed the latest versions of themes and plugins. If the issue persists, please open a new support ticket at WPML support forum for further assistance.

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

This topic contains 2 replies, has 2 voices.

Last updated by Lauren 3 months, 1 week ago.

Assisted by: Lauren.

Author Posts
May 10, 2024 at 6:58 pm #15616234

desireeM

WPML accidentally creates an attack vector for MITM attacks, by disabling SSL verification on sandbox installs
sitepress-multilingual-cms/vendor/otgs/installer/includes/class-wp-installer.php

May 14, 2024 at 2:44 pm #15626110

Lauren
Supporter

Languages: English (English )

Timezone: America/New_York (GMT-05:00)

I have reported your findings to our developers and will update here if we need more information or make any changes. Thank you!

August 7, 2024 at 1:14 pm #16048045

Lauren
Supporter

Languages: English (English )

Timezone: America/New_York (GMT-05:00)

Just a quick update to let you know that this is fixed in WPML 4.6.11 and String Translation release.