Deserialization of Untrusted Data in Falang Multilanguage Plugin by sbouey
CVE-2025-58619

8.8HIGH

Key Information:

Vendor: WordPress
Status: Falang Multilanguage
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-58619?

The Falang Multilanguage plugin by sbouey is susceptible to a deserialization of untrusted data flaw, which enables object injection. This vulnerability impacts all versions up to and including 1.3.65, allowing attackers to potentially exploit the weakness to manipulate or execute code within the affected product.

Affected Version(s)

Falang multilanguage <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/fala...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

Nguyen Xuan Chien | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2025-58619?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit