Cross-Site Request Forgery Vulnerability in Admin in English with Switch Plugin for WordPress
CVE-2025-9623

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
Admin In English With Switch
Vendor
CVE Published:
11 September 2025

What is CVE-2025-9623?

The Admin in English with Switch plugin for WordPress is susceptible to a Cross-Site Request Forgery vulnerability across all versions up to and including 1.1. This flaw arises from inadequate nonce validation within the enable_eng function, allowing unauthorized attackers to alter administrator language settings. By deceiving a site administrator into executing an action, such as clicking a malicious link, an attacker can forge a request and gain control over vital site settings.

Affected Version(s)

Admin in English with Switch * <= 1.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/admin-in-engli...
https://plugins.trac.wordpress.org/browser/admin-in-engli...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sandeep
.
CVE-2025-9623 : Cross-Site Request Forgery Vulnerability in Admin in English with Switch Plugin for WordPress