One more vulnerability reported on March 02 and fixed in version 3.1.9:
*4. Unauthenticated administrative functions*
An unauthenticated attacker may, under certain conditions, bypass WPML's
nonce check and perform administrative functions.
The administrative ajax functions are protected with non
*OVERVIEW*
WPML is the industry standard for creating multi-lingual WordPress sites.
Three vulnerabilities were found in the plug-in. The most serious of them,
an SQL injection problem, allows anyone to read the contents of the
WordPress database, including user details and password hashes, withou