PT-2026-8067 · WordPress · Language Switcher
Bhumividh Treloges
·
Published
2026-02-14
·
Updated
2026-02-14
·
CVE-2026-0745
CVSS v3.1
5.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
User Language Switch plugin for WordPress versions prior to 1.6.11
Description
The User Language Switch plugin for WordPress is susceptible to Server-Side Request Forgery due to insufficient URL validation within the
download language() function. This allows authenticated attackers with Administrator-level access or higher to initiate web requests to arbitrary locations from the web application. This could potentially allow querying and modification of information from internal services.Recommendations
Update the User Language Switch plugin to version 1.6.11 or later.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Language Switcher