WordPress Plugin Vulnerabilities

WPML < 4.5.11 - Subscriber+ Translation Job Status Update

Description

The plugin does not have authorisation when updating the status of translation jobs, which could allow any authenticated users, such as subscriber to perform such action

Affects Plugins

Plugin icon
sitepress-multilingual-cms
Fixed in 4.5.11

References

CVE
CVE-2022-38974

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
d8fcfbf6-6480-4cad-93cd-ae5b08ea9c7b

Timeline

Publicly Published
2022-11-09 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2024-06-21
Title
Play.ht <= 3.6.4 - Missing Authorization
Published
2025-07-28
Title
Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success
Published
2025-06-05
Title
Accessibility Suite < 4.20 - Missing Authorization
Published
2024-07-26
Title
WooCommerce Product Table Lite < 3.8.6 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting
Published
2024-06-06
Title
GDPR CCPA Compliance & Cookie Consent Banner < 2.7.1 - Missing Authorization to Settings Update and Stored Cross-Site Scripting