Security for everyone

CVE-2018-18069 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in WPML plugin for WordPress affects v. through 3.6.3.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one


Parent Category

CVE-2018-18069 Scanner Detail

The WPML (sitepress-multilingual-cms) plugin is a popular tool used for WordPress sites to translate website content into multiple languages. It is designed to allow web administrators to manage translations of posts, pages, taxonomy, and menus, as well as other aspects of a website. With a user-friendly interface and a variety of features, the WPML plugin provides an efficient way for website owners to offer content to diverse audiences. Through the WPML plugin, administrators can serve multiple languages by providing a drop down menu to choose the preferred language for website visitors. 

Recently, a vulnerability known as CVE-2018-18069 has been detected in the plugin. This vulnerability is present in the plugin's process_forms function and can lead to a cross-site scripting (XSS) attack. The vulnerability is triggered through the use of any "locale_file_name_" parameter in an authenticated theme-localization.php request to wp-admin/admin.php. The issue, when exploited, can allow an attacker to execute arbitrary scripts or take unauthorized actions on behalf of the website owner, such as stealing user information or manipulating website content.

When exploited by a malicious actor, CVE-2018-18069 can have serious consequences for users and website owners. Attackers can gain access to sensitive information and manipulate website content, leading to reputation damage, financial loss, and other damages. For larger organizations, a successful attack can lead to significant regulatory or legal penalties.

In conclusion, it is essential for website owners to be aware of vulnerabilities in their digital assets and to take proactive steps to protect against them. With the pro features of the platform, website owners can easily and quickly learn about vulnerabilities in their digital assets, as well as receive customized alerts and recommendations to protect against them. By staying informed and implementing effective security measures, website owners can help ensure the safety and integrity of their online presence.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture