WordPress Theme and Plugin Translation for Polylang Missing Authorization Vulnerability

Vulnerability

A vulnerability allowing authorization bypass has been identified in the WordPress plugin 'Theme and Plugin Translation for Polylang', in versions through 3.2.16. This vulnerability arises from inadequate capability checks in the 'process_polylang_theme_translation_wp_loaded()' function, enabling unauthenticated attackers to modify translation settings and import translation strings.

Impact

Exploitation of this vulnerability allows unauthorized users to change plugin and theme translation settings and import translation strings, potentially leading to unauthorized content modification on the site.

Remediation

Users are advised to update the 'Theme and Plugin Translation for Polylang' plugin to version 3.2.17 or a newer patched version.
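
One way to verify the remediation across a server's plugin directory, as an added example rather than code from the advisory or the plugin: the script reads each plugin's header comment and flags copies older than 3.2.17. It assumes the header's Plugin Name contains the name used in this advisory; the folder and file names in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 2, 17)  # first patched version, per the advisory
NAME = "theme and plugin translation for polylang"  # assumed header name
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_version(text):
    """'3.2.16' -> (3, 2, 16); a suffix such as '-beta' is ignored."""
    parts = [int(m) for m in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def read_header(php_file):
    """Read header fields from the first 8 KiB, the part WordPress itself parses."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER.findall(head)}

def audit(plugins_dir):
    """Return (folder, version, status) for each installed copy of the plugin."""
    results = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php_file)
        if NAME not in meta.get("plugin name", "").lower():
            continue
        raw = meta.get("version", "")
        if not re.search(r"\d", raw):
            status = "UNKNOWN"  # no usable Version header: review by hand
        elif parse_version(raw) < FIXED:
            status = "VULNERABLE"
        else:
            status = "PATCHED"
        results.append((php_file.parent.name, raw, status))
    return results

def demo():
    """Constructed sample tree; folder and file names are placeholders."""
    title = "Theme and Plugin Translation for Polylang"
    samples = [("copy-old", title, "3.2.16"), ("copy-new", title, "3.2.17"),
               ("unrelated", "Some Other Plugin", "1.0")]
    with tempfile.TemporaryDirectory() as root:
        for folder, name, version in samples:
            Path(root, folder).mkdir()
            Path(root, folder, "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

To scan a real install, call audit() with the path to the site's wp-content/plugins directory.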

Added: May 15, 2026, 11:43 AM
Updated: May 15, 2026, 11:43 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.