Falang Multilanguage Plugin Vulnerability Affects Translation Data
CVE-2024-6869

7.1HIGH

Key Information:

Vendor: Wordpress
Status: Falang Multilanguage For WordPress
Vendor: CVE Published:; 8 August 2024

Summary

The Falang Multilanguage Plugin for WordPress contains vulnerabilities that allow authenticated attackers with Subscriber-level access or higher to make unauthorized modifications to data. Due to missing capability checks in several functions, these attackers can alter and delete translations, as well as disclose the email address of the site administrator. This flaw is present in all versions up to and including 1.3.52, posing a risk to site integrity and user privacy.

Affected Version(s)

Falang multilanguage for WordPress * <= 1.3.52

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/falang/trunk/a...

https://plugins.trac.wordpress.org/changeset/3131499/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2024
Vulnerability Reserved
Jul 17, 2024

Credit

Lucio Sá