Vulnerabilities and security researches forfalang falang

Jun 07, 2024

CVE, Research URL: CVE-2024-4417
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: May 14, 2024
Research Description: The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: a9b4ba34b4a82b7813dfffcdb15dba44c54af5cc
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Oct 25, 2021
Research Description: Falang multilanguage for WordPress [falang] < 1.3.18 WordPress Falang multilanguage plugin <= 1.3.17 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Falang multilanguage plugin (versions <= 1.3.17).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-37968
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Jul 17, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30495
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Mar 29, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47.
Affected versions: Min -, max -.
Status: vulnerable

Jun 26, 2024

CVE, Research URL: CVE-2024-37240
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Jan 02, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through 1.3.51.
Affected versions: Min -, max -.
Status: vulnerable

Aug 09, 2024

CVE, Research URL: CVE-2024-6869
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Aug 08, 2024
Research Description: The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address.
Affected versions: Min -, max -.
Status: vulnerable