Vulnerabilities and security researches forpolylang polylang

Jun 06, 2024

CVE, Research URL: CVE-2014-4855
Home page URL: Security reports for Polylang
Application: Polylang
Date: Jul 10, 2014
Research Description: Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.
Affected versions: max 2.5.1.
Status: vulnerable

Jan 16, 2025

PSC, Research URL: PSC-2024-64546
Home page URL: Security reports for Polylang
Application: Polylang
Date: May 06, 2025
Research Description: The Polylang plugin is a powerful tool designed to create multilingual WordPress websites. With support for an unlimited number of languages, automatic integration with WordPress core features, and seamless performance, it has become a go-to solution for developers and site administrators alike. However, as with any plugin, security is paramount, and Polylang stands out for its commitment to safe coding practices.
Affected versions: Min 3.7.2, max 3.7.4.
Status: SAFE & CERTIFIED