CVE-2022-4169

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.
Configurations

Configuration 1

cpe:2.3:a:theme_and_plugin_translation_for_polylang_project:theme_and_plugin_translation_for_polylang:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-11-28 06:15

Updated : 2022-12-01 11:01


NVD link : CVE-2022-4169

Mitre link : CVE-2022-4169

Products Affected
No products.
CWE