Vulnerabilities and security researches fortheme-translation-for-polylang theme-translation-for-polylang

Jun 07, 2024

CVE, Research URL: CVE-2022-4169
Home page URL: Security reports for Theme and plugin translation for Polylang (TTfP)
Application: Theme and plugin translation for Polylang (TTfP)
Date: Nov 28, 2022
Research Description: The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.
Affected versions: Min -, max -.
Status: vulnerable