PT-2026-8067 · WordPress · Language Switcher
Bhumividh Treloges
·
Publicado
2026-02-14
·
Atualizado
2026-02-14
·
CVE-2026-0745
CVSS v3.1
5.5
Média
| Vetor | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
User Language Switch plugin for WordPress versions prior to 1.6.11
Description
The User Language Switch plugin for WordPress is susceptible to Server-Side Request Forgery due to insufficient URL validation within the
download language() function. This allows authenticated attackers with Administrator-level access or higher to initiate web requests to arbitrary locations from the web application. This could potentially allow querying and modification of information from internal services.Recommendations
Update the User Language Switch plugin to version 1.6.11 or later.
Correção
SSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Language Switcher