Description
WPML is a WordPress plugin for building multilingual WordPress sites. A vulnerability has been found in the WPML plugin up to version 3.6.3 that allows an attacker to inject arbitrary html and script code into the WordPress site. This vulnerability affects the file sitepress.class.php and can be exploited via the POST parameter locale_file_name_en.
Remediation
Upgrade to the latest version of the WPML plugin.
References
Related Vulnerabilities
WordPress Plugin EZP Coming Soon Page Cross-Site Scripting (1.0.0)
WordPress Plugin Events Made Easy Cross-Site Scripting (2.2.23)
WordPress Plugin User Role by BestWebSoft Cross-Site Scripting (1.5.5)
WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.7.1.1)
WordPress Plugin Forym-Modern Discussion Forum for Wordpress-Forums Cross-Site Scripting (1.5.8)