Primary

Context

Translate WordPress and Go Multilingual – Weglot Missing Authorization Vulnerability Allowing Unauthenticated Limited Transient Deletion

Vulnerability

A vulnerability exists in the Translate WordPress and Go Multilingual – Weglot plugin for WordPress, in all versions through 5.1. The issue arises from a missing capability check in the 'clean_options' function, allowing unauthenticated attackers to delete specific transients that store cached plugin options. This unauthorized data deletion could disrupt the normal functioning of the plugin by removing important configuration or state information.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of transients, which can disrupt the caching mechanism of the plugin and potentially lead to loss of important plugin settings or data.

Remediation

Users can update to version 5.2 or a newer patched version to address this vulnerability.

Added: Oct 30, 2025, 6:21 AM

Updated: Oct 30, 2025, 6:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.9

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Translate WordPress and Go Multilingual – Weglot Missing Authorization Vulnerability Allowing Unauthenticated Limited Transient Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating