CVE-2022-4169

MEDIUM

Polylang < 3.2.17 - Unauthenticated Authorization Bypass

Title source: llm
STIX 2.1

Description

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.

Scores

CVSS v3 6.5
EPSS 0.0066
EPSS Percentile 47.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
marcinkazmierski/Theme and plugin translation for Polylang (TTfP) < 3.2.16
theme_and_plugin_translation_for_polylang_project/theme_and_plugin_translation_for_polylang < 3.2.17
Published Nov 28, 2022
Tracked Since Feb 18, 2026