CVE-2022-38461

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:*

History

21 Jul 2023, 20:25

Type Values Removed Values Added
CWE CWE-732 NVD-CWE-Other

21 Nov 2022, 19:45

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-17 22:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-38461

Mitre link : CVE-2022-38461

CVE.ORG link : CVE-2022-38461


JSON object : View

Products Affected

wpml

  • wpml
CWE
NVD-CWE-Other CWE-264

Permissions, Privileges, and Access Controls