PT-2022-26027 · WordPress · Polylang
Florent Besnard · Published 2022-11-28 · Updated 2022-12-01
CVE-2022-4169
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Polylang versions up to, and including, 3.2.16
Description
The Theme and plugin translation for Polylang is vulnerable to authorization bypass due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.
Recommendations
For Polylang versions up to, and including, 3.2.16, update to a version higher than 3.2.16 to resolve the issue. As a temporary workaround, consider disabling the process_polylang_theme_translation_wp_loaded() function until a patch is available.
Fix
Missing Authorization
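To make the weakness concrete, here is an added illustration of the pattern the description names: a handler hooked on wp_loaded that changes plugin state from a POST request. This is not code from Polylang, from the Theme and plugin translation plugin, or from the advisory; the handler name, option name, nonce action and form field names are hypothetical. The first function shows the missing-capability-check shape, the second the hardened shape that a fixed version of any such handler should take.

```php
<?php
// Added illustration, not plugin code. A hypothetical wp_loaded handler that
// saves settings submitted by POST. wp_loaded fires for every request,
// including those from unauthenticated visitors, so the handler itself must
// decide who may trigger a state change.

// Vulnerable pattern: any request carrying my_plugin_action=save reaches
// update_option(), regardless of who sent it. This is the "missing
// capability check" class described in the advisory.
function my_plugin_handle_request_vulnerable() {
    if ( ! isset( $_POST['my_plugin_action'] ) || 'save' !== $_POST['my_plugin_action'] ) {
        return;
    }
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'my_plugin_settings', $settings ); // no authorization check at all
}

// Hardened pattern: three gates before any state change.
function my_plugin_handle_request_hardened() {
    if ( ! isset( $_POST['my_plugin_action'] ) || 'save' !== $_POST['my_plugin_action'] ) {
        return;
    }

    // Gate 1: capability check. Only users holding manage_options (by default,
    // administrators) may change plugin settings. Unauthenticated requests
    // fail here, which is exactly the check the vulnerable pattern lacks.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to change these settings.', 'my-plugin' ),
            '',
            array( 'response' => 403 )
        );
    }

    // Gate 2: nonce check. A capability check alone still lets a logged-in
    // administrator be tricked into submitting the form from another site
    // (CSRF); check_admin_referer() dies unless the nonce is valid.
    check_admin_referer( 'my_plugin_save_settings', 'my_plugin_nonce' );

    // Gate 3: sanitize before storing. Here settings are treated as a flat
    // list of strings; a real plugin would validate each key it expects.
    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array_map( 'sanitize_text_field', $raw );

    update_option( 'my_plugin_settings', $settings );
}

add_action( 'wp_loaded', 'my_plugin_handle_request_hardened' );
```

The settings form that posts to this handler must emit the matching nonce with wp_nonce_field( 'my_plugin_save_settings', 'my_plugin_nonce' ); otherwise the hardened handler rejects every legitimate submission. When reviewing a plugin for this weakness class, the question to ask of every wp_loaded, init or admin_post handler that writes options or imports data is whether a current_user_can() test and a nonce check both run before the write.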
Weakness Enumeration
Related Identifiers
Affected Products
Polylang