Vulnerability Discovered in WPML, Popular WordPress Multilingual Plugin - 1

Image from Pickpik

Vulnerability Discovered in WPML, Popular WordPress Multilingual Plugin

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

As reported by Cybernews today, WPML , a popular tool for creating multilingual WordPress websites, is vulnerable to cyber-attacks. This security flaw, discovered by security researcher “ stealth copter ,” could allow attackers to execute code remotely on vulnerable websites.

Cybernews notes that WPML, with over a million active installations, is a widely used plugin for managing translations and language switching on WordPress sites. However, the researcher reported that the plugin’s handling of certain content types was susceptible to server-side template injection attacks.

By exploiting this vulnerability, attackers could potentially gain unauthorized access to a website’s server and steal sensitive information, such as passwords, user data, and other confidential information.

“The crafted payload uses the dump function to gather letters needed to construct commands without using quotes. Once we have basic command execution, we can further leverage it to gain more control over the server,” the researcher said in his report.

The researcher demonstrated the vulnerability by successfully executing a malicious shortcode within the WordPress editor. While crafting complex commands might require additional workarounds, the potential consequences of a successful attack are severe.

This incident underscores that security is an ongoing process that demands vigilance throughout all stages of development and data handling.

The researcher concludes that this vulnerability highlights the risks of inadequate input sanitization in templating engines. He advises that developers consistently sanitize and validate user inputs, particularly when rendering dynamic content.

Stealthcopter reported this vulnerability via the Wordfence Bug Bounty Program and received a bounty of $1,639.00, as noted by Wordfence . Wordfence states that this vulnerability has been addressed in version 4.6.13 of WPML and strongly advises users to update their sites to the latest patched version as soon as possible.

Philippine Call Centers Navigate AI Revolution, Balancing Job Losses And New Opportunities - 2

Image by Freepik

Philippine Call Centers Navigate AI Revolution, Balancing Job Losses And New Opportunities

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Bloomberg reported today how the rapid adoption of AI in the Philippines’ business process outsourcing (BPO) industry, a sector critical to the country’s economy, is sparking concerns over job losses.

The integration of AI is being driven by the same cost-cutting pressures that initially motivated companies to outsource jobs to the Philippines, says the report.

The introduction of AI has had mixed effects on the workforce. Some workers have found their jobs threatened or even eliminated as AI takes over more tasks.

For example, Christopher Bautista, 47, who spent nearly two decades in the call center industry, was suddenly placed on “floating status”—no work, no pay, but still officially employed.

Bloomberg reports that Bautista resigned six months later to take a sales position while waiting for reassignment. “AI will take over our jobs,” Bautista said. “It’s cheaper and more efficient.”

Despite potential job losses—estimated at up to 300,000 in the next five years within the country’s BPO industry—the industry is attempting to adapt by upskilling workers and embracing technological advancements, according to Bloomberg.

It’s not all doom, as AI is also expected to create new roles, such as training algorithms or managing data. Analysts predict AI could generate up to 100,000 new jobs.

Bloomberg reports that ChatGPT is being used to train customer service agents by simulating various customer personas during role-playing exercises. This approach helps new hires handle challenging interactions more effectively.

PV Kannan, CEO of a customer service company, told Bloomberg that this AI-driven training has reduced the time required for new staff to become proficient from 90 days to about one month.

The BPO sector, particularly call centers, is a huge part of the Philippine economy. As the largest private-sector employer and a significant contributor to the nation’s GDP, it is a vital part of the country’s economic landscape.

The government and industry leaders are working to mitigate these risks by investing in AI training and research. National Economic and Development Authority Secretary Arsenio Balisacan told Bloomberg “If you don’t upskill, obviously, AI will replace you.”

However, the government has not yet detailed its spending plans. Leading opposition senator Risa Hontiveros expresses concerns about the slow response. “Unfortunately, the Philippines is poorly prepared to shield our workers from the impact of the AI wave,” she told Bloomberg.