CVE-2025-8425

Name of the Vulnerable Software and Affected Versions My WP Translate plugin for WordPress versions up to and including 1.1

Description The My WP Translate plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check within the ajax import strings() function allows authenticated attackers with Subscriber-level access or higher to modify arbitrary options on a WordPress site. This can be exploited to elevate user privileges, such as changing the default registration role to administrator and enabling user registration for malicious purposes, ultimately granting attackers administrative access.

Recommendations Versions prior to 1.1: Update to a version beyond 1.1 to address the issue. Version 1.1: Update to a version beyond 1.1 to address the issue.