CVE-2022-38461

Name of the Vulnerable Software and Affected Versions WPML Multilingual CMS premium plugin versions <= 4.5.10

Description The issue allows users with a subscriber or higher user role to change plugin settings, including the selected language for legacy widgets and the default behavior for media content.

Recommendations For WPML Multilingual CMS premium plugin versions <= 4.5.10, update to a version higher than 4.5.10 to resolve the issue. As a temporary workaround, consider restricting access to plugin settings for users with subscriber or higher roles until a patch is available.