Four WordPress WPML Plugin Vulnerabilities Impact 400,000 Websites | CyberSecurity | #digcit | WordPress and Annotum for Education, Science,Journal Publishing | Scoop.it
From blog.norsecorp.com - March 16, 2015 6:18 PM
Multiple vulnerabilities in the WPML plugin that could allow attackers to access databases, delete site content, and gain administrative privileges have put as many as 400,000 websites at risk.

WPML is a popular WordPress plugin used for creating multi-lingual websites, and researchers have uncovered four critical vulnerabilities, the most serious being a SQL injection flaw that can allow unauthenticated access to the website’s database, exposing user details and password hashes.