cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forpolylang polylang

Direction: ascending
Jun 06, 2024

Polylang # CVE-2014-4855

CVE, Research URL

CVE-2014-4855

Application

Polylang

Date
Jul 10, 2014
Research Description
Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.
Affected versions
max 1.5.2.
Status
vulnerable
Jan 16, 2025

Polylang # PSC-2024-64546

PSC, Research URL

PSC-2024-64546

Application

Polylang

Date
May 06, 2025
Research Description
The Polylang plugin is a powerful tool designed to create multilingual WordPress websites. With support for an unlimited number of languages, automatic integration with WordPress core features, and seamless performance, it has become a go-to solution for developers and site administrators alike. However, as with any plugin, security is paramount, and Polylang stands out for its commitment to safe coding practices.
Affected versions
Min 3.8.5, max 3.8.5.
Status
SAFE & CERTIFIED
Dec 10, 2025

Polylang # CVE-2025-64353

CVE, Research URL

CVE-2025-64353

Application

Polylang

Date
Oct 31, 2025
Research Description
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.
Affected versions
max 3.7.4.
Status
vulnerable
Jun 16, 2026

Polylang # c5bd994f7837548ecf9b537df00ade21990080ce

Application

Polylang

Date
Jan 16, 2019
Research Description
Polylang [polylang] < 2.5.1 Polylang <= 2.5 - Cross-Site Request Forgery The Polylang plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. This is due to missing or incorrect nonce validation on the wp_insert_post_data() function. This makes it possible for unauthenticated attackers to duplicate media via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.5.1.
Status
vulnerable

Polylang # a0c2c526-ba41-4314-a93e-f9d13ccc54ed

Application

Polylang

Date
-
Research Description
Polylang [polylang] < 2.5.1 Polylang &lt;= 2.5 - CSRF in categories and media duplication The Polylang WordPress plugin was affected by a CSRF in categories and media duplication security vulnerability.
Affected versions
max 2.5.1.
Status
vulnerable