cbcvebase.
CVE-2015-2314
published 2015-03-17

CVE-2015-2314: SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in…

PriorityP355high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.07%
93.4th percentile
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

Affected

1 ranges
VendorProductVersion rangeFixed in
wpmlwpml<= 3.1.8

Detection & IOCsextracted from sources · hover to see the quote

commandselect user_login,1,user_email,2,3,4,5,6,user_pass,7,8,9,10,11,12 from wp_users
url/?icl_action=reminder_popup&target=javascript%3Aalert%28%2Fhello+world%2f%29%3b%2f%2f
  • Detect SQL injection attempts via the HTTP Referer header containing the 'lang' parameter in POST requests with action=wp-link-ajax directed at the comments/feed endpoint.
  • Monitor for unauthenticated POST requests with body parameter 'action=wp-link-ajax'; the exploit does not require the attacker to be logged in.
  • Inspect HTTP Referer headers on wp-link-ajax requests for SQL keywords (UNION, SELECT, FROM) or unusual language codes that are not standard ISO language strings.
  • Alert on responses from comments/feed containing wp_users table data (user_login, user_email, user_pass fields) as the SQL query results are returned in the comments feed XML.
  • Detect reflected XSS exploitation attempts via GET requests containing 'icl_action=reminder_popup' with a 'target' parameter holding JavaScript URI schemes.
  • ·The vulnerability affects WPML versions before 3.1.9.1; the fixed version is 3.1.9.1 released March 10, 2015.
  • ·The menu sync content-deletion vulnerability also lacks access control, allowing unauthenticated deletion of posts, pages, and menus via wp_posts table row IDs.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.