cleantalk
Vulnerabilities and Security Researches

Theme and plugin translation for Polylang (TTfP), CVE-2022-4169

CVE, Research URL

CVE-2022-4169

Home page URL

Security reports for Theme and plugin translation for Polylang (TTfP)

Application

Theme and plugin translation for Polylang (TTfP)

Published on
Nov 28, 2022
Research Description
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.
Affected versions
Min -, max 3.2.17.
Status
vulnerable
Previous vulnerability researches
Supertext Translation and Proofreading (CVE-2025-47639) , May 09, 2025
Theme and plugin translation for Polylang (TTfP) (CVE-2022-4169) , Jun 07, 2024
Polylang (CVE-2014-4855) , Jun 06, 2024
Polylang , Jan 16, 2025
New vulnerability
WP Register Profile With Shortcode (CVE-2025-4593) , Jul 13, 2025
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025