CVE-2022-38974 MEDIUM

CVE-2022-38974: WordPress WPML Multilingual CMS premium plugin <= 4.5.10 - Broken Access Control vulnerability

Vendor Onthegosystems Ltd.

Product WPML Multilingual CMS (WordPress plugin)

Weakness CWE-264

Published November 18, 2022

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs.

Key dates

02Disclosure timeline

November 18, 2022 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-38974

Related vulnerabilities

Identifiers

CVE CVE-2022-38974

CWE CWE-264

CVSS 4.3 / MEDIUM

Affected versions