Vulnerabilities and security researches forfalang falang

Jun 07, 2024

CVE, Research URL: CVE-2024-4417
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: May 14, 2024
Research Description: The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 1.3.50.
Status: vulnerable

CVE, Research URL: a9b4ba34b4a82b7813dfffcdb15dba44c54af5cc
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Oct 25, 2021
Research Description: Falang multilanguage for WordPress [falang] < 1.3.18 WordPress Falang multilanguage plugin <= 1.3.17 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Falang multilanguage plugin (versions <= 1.3.17).
Affected versions: max 1.3.18.
Status: vulnerable

CVE, Research URL: CVE-2023-37968
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Jul 17, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.
Affected versions: max 1.3.40.
Status: vulnerable

CVE, Research URL: CVE-2024-30495
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Mar 29, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47.
Affected versions: max 1.3.48.
Status: vulnerable

Jun 26, 2024

CVE, Research URL: CVE-2024-37240
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Jan 02, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.51.
Affected versions: max 1.3.52.
Status: vulnerable

Aug 09, 2024

CVE, Research URL: CVE-2024-6869
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Aug 08, 2024
Research Description: The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address.
Affected versions: max 1.3.53.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-48285
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: May 19, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage falang allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through <= 1.3.61.
Affected versions: max 1.3.62.
Status: vulnerable

Oct 12, 2025

CVE, Research URL: CVE-2025-58619
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Nov 06, 2025
Research Description: Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65.
Affected versions: max 1.3.66.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: e7fe3c349495b9e33e1365369c5aac59e4c37dfc
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Oct 25, 2021
Research Description: Falang multilanguage for WordPress [falang] < 1.3.18 Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting The Falang multilanguage plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions before 1.3.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 1.3.18.
Status: vulnerable

CVE, Research URL: 853fc9a7-4edf-4fe1-8e0c-d50c78b48faa
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: -
Research Description: Falang multilanguage for WordPress [falang] < 1.3.18 Falang multilanguage for WordPress < 1.3.18 - Reflected Cross-Site Scripting The plugin does not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site scripting issue
Affected versions: max 1.3.18.
Status: vulnerable

Jun 19, 2026

CVE, Research URL: CVE-2026-54805
Home page URL: Security reports for Falang multilanguage for WordPress
Application: Falang multilanguage for WordPress
Date: Jun 17, 2026
Research Description: Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Affected versions: max 1.4.3.
Status: vulnerable