CVE-2020-10568
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
We have discovered 71,852 live websites that are affected by CVE-2020-10568.
Affected Software
| Product |  WPML |
| Category | Wordpress Plugins |
| Vulnerable Domains | 71,852 live websites (18.96% of WPML install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 147 versions ( 65.33% of all versions) |
Details
- Published - Mar 14, 2020
- Updated - Aug 4, 2024
CVE References
CVE-2020-10568 usage by Country
 United States | 12,097 websites |
 Germany | 9,660 websites |
 France | 6,845 websites |
 Italy | 5,382 websites |
 Spain | 4,573 websites |
 Poland | 2,584 websites |
 Netherlands | 2,209 websites |
 Canada | 1,659 websites |
 Switzerland | 1,523 websites |
 Greece | 1,322 websites |
CVE-2020-10568 usage by TLD
| .com | 29,224 websites |
| .it | 3,950 websites |
| .de | 2,696 websites |
| .org | 2,080 websites |
| .eu | 1,895 websites |
| .pl | 1,770 websites |
| .es | 1,572 websites |
| .nl | 1,464 websites |
| .net | 1,264 websites |
| .fr | 1,251 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-10568
Top websites that are affected by CVE-2020-10568. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.com | United States | *,*** | |
| *********.be | France | **,*** | |
| *******.co | Germany | **,*** | |
| *********.com | Spain | **,*** | |
| *************.com |  Singapore | **,*** | |
| **********.com | France | **,*** | |
| *****.******.de | Germany | **,*** | |
| ***********.link | United States | **,*** | |
| ********.it | Italy | **,*** | |
| ***********.com | United States | **,*** |
FAQ
A total of 71,852 websites have been identified as vulnerable to CVE-2020-10568, discovered through global website indexing conducted by WebTechSurvey.
WPML is susceptible to CVE-2020-10568 vulnerability.
WPML versions before 4.3.7 are vulnerable to CVE-2020-10568.
Version 4.3.7 of WPML addresses the CVE-2020-10568 security vulnerability.