WordPress security should always be a top priority, especially when it comes to plugin vulnerabilities. Recently, a high-severity SQL Injection vulnerability has been uncovered in the widely-used WPML String Translation Plugin, posing significant risks to website security. Website owners must act promptly to safeguard their websites from potential exploits.

This critical SQL Injection vulnerability was discovered and reported by Stephen. The WPML String Translation Plugin is affected by a high-severity flaw, which could allow malicious actors to directly interact with your website’s database, potentially leading to data theft and other harmful consequences.


With a CVSS 3.1 score of 7.6, this SQL Injection vulnerability in the WPML String Translation Plugin is classified as high severity, indicating its significant potential for exploitation and the serious impact it can have on affected systems.

Affected Versions:

Website owners should take note that all versions of the WPML String Translation Plugin up to version 3.2.5 are vulnerable to this high-severity flaw.


Exploiting this SQL Injection vulnerability grants attackers direct access to the website’s database, enabling them to steal sensitive information and potentially compromise user data.


To enhance WordPress security and protect websites from this critical vulnerability, website owners are strongly advised to take the following actions:

  1. Update to the Latest Version: Immediately update the WPML String Translation plugin to the latest available version, which is at least version 3.2.6. This update contains the necessary fix to address the SQL Injection vulnerability and bolster overall plugin security.
  2. Regular Security Audits: Conduct regular security audits of the WordPress website to identify and address potential vulnerabilities proactively.
  3. Stay Informed: Monitor official updates and announcements regarding the WPML String Translation Plugin to be informed about any potential security fixes or patches.

By taking immediate action to update the WPML String Translation Plugin and staying proactive in WordPress security measures, website owners can effectively fortify their websites against potential SQL Injection exploits and ensure a safer online environment for their visitors and users.