CVE-2022-4169
Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.
| CWE | CWE-862 |
| Vendor | marcinkazmierski |
| Product | theme and plugin translation for polylang (ttfp) |
| Published | Nov 28, 2022 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for marcinkazmierski theme and plugin translation for polylang (ttfp)
Be the first to know when new medium vulnerabilities affecting marcinkazmierski theme and plugin translation for polylang (ttfp) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
marcinkazmierski / Theme and plugin translation for Polylang (TTfP)
0 โค 3.2.16
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/9f6a358a-333c-4eb7-9149-348bf3713943?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2814605%40theme-translation-for-polylang%2Ftrunk&old=2812254%40theme-translation-for-polylang%2Ftrunk&sfp_email=&sfph_mail= wordfence.com: https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4169
Credits
Florent BESNARD