WP Tavern Forums

Remote Code Execution Vulnerability Patched in WPML WordPress Plugin

CVSS severity scores have long been noted by the security industry not to be a reliable measure of the severity of vulnerabilities, and this vulnerability is a good example of that.

With this vulnerability, the attacker would have to have a level of access an untrusted individual rarely would have. So the risk posed by the vulnerability is rather low. The idea that a vulnerability unlikely to be exploited would have almost the highest severity doesn’t make sense.

Or, to put it another way, if the vulnerability were exploitable by someone not logged in, it would certainly be widely exploited, but the severity score could increase only to 10 from 9.9.

It would help if WordPress security providers stuck to more accurate severity measurements to avoid overstating the risks of vulnerabilities and unnecessarily scaring the WordPress community.

Also, what is the source for the claimed install count of this plugin?
