WordPress websites using unpatched Social Warfare installations (v3.5.1 and v3.5.2) are exposed to attacks abusing a stored Cross-Site Scripting (XSS) vulnerability fixed in the 3.5.3 version of the ...
A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites.