cleantalk
Vulnerabilities and Security Researches

Falang multilanguage for WordPress, CVE-2024-6869

CVE, Research URL

CVE-2024-6869

Home page URL

Security reports for Falang multilanguage for WordPress

Application

Falang multilanguage for WordPress

Published on
Aug 08, 2024
Research Description
The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address.
Affected versions
Min -, max 1.3.53.
Status
vulnerable
Previous vulnerability researches
Falang multilanguage for WordPress (CVE-2024-4417) , Jun 07, 2024
Falang multilanguage for WordPress (a9b4ba34b4a82b7813dfffcdb15dba44c54af5cc) , Jun 07, 2024
Falang multilanguage for WordPress (CVE-2023-37968) , Jun 07, 2024
Falang multilanguage for WordPress (CVE-2024-30495) , Jun 07, 2024
Falang multilanguage for WordPress (CVE-2024-37240) , Jun 26, 2024
New vulnerability
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-5482) , Jun 13, 2025
OpenSheetMusicDisplay (CVE-2025-5235) , Jun 13, 2025
Arconix Shortcodes (CVE-2025-47673) , Jun 12, 2025
Slim SEO – Fast & Automated WordPress SEO Plugin (CVE-2025-4611) , Jun 12, 2025
AutomatorWP – The #1 automator plugin for no-code automation in WordPress (CVE-2025-48280) , Jun 11, 2025