The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header.Referenceshttps://wpvulndb.com/vulnerabilities/8173https://wordpress.org/plugins/sitepress-multilingual-cms/#developers
