CVE-2024-6386

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-1336
View all →

Vulnerability Description

The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Related Vulnerabilities

CVE-2021-4315

HIGH
CVSS:8.8(High)

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mod...

CWE-13362021

CVE-2023-27995

HIGH
CVSS:8.8(High)

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a...

CWE-13362023

CVE-2024-30372

HIGH
CVSS:8.8(High)

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authe...

CWE-13362024

CVE-2024-46366

HIGH
CVSS:8.8(High)

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead...

CWE-13362024

CVE-2024-52427

HIGH
CVSS:8.8(High)

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Even...

CWE-13362024

CVE-2022-0944

CRITICAL
CVSS:9.1(Critical)

Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.

CWE-13362022