CVE-2015-2792 – WPML < 3.1.8 - Authorization Bypass

https://notcve.org/view.php?id=CVE-2015-2792

02 Mar 2015 — The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. El plugin WPML anterior a 3.1.9 para WordPress no maneja correctamente las acciones múltiples en una solicitud, lo que permite a atacantes remotos evadir las comprobaciones nonce y realizar acciones arbitra... • http://klikki.fi/adv/wpml.html • CWE-284: Improper Access Control •