Bleeping Computer

Ex-Employee Hacks WPML WordPress Plugin Site and Spams Users

Last night the web site for the WordPress Multilingual Plugin (WPML) WordPress plugin was hacked and users of the plugin started receiving receiving emails stating that the plugin is filled with ...
CSOonline

Critical plugin flaw opens over a million WordPress sites to RCE attacks

A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.
heise online

WordPress: 1 million websites use vulnerable plugin WPML

IT security researchers have discovered a critical vulnerability in the WordPress plug-in WPML. Authenticated attackers can use it to infiltrate malicious code from the web. An update closes the leak ...