CVE-2026-0745

MEDIUM

User Language Switch <1.6.10 - SSRF

Exploitation Summary

EIP tracks 4 public exploits for CVE-2026-0745. PoCs published by XiaomingX, blackhatlegend, HORKimhab.

AI-analyzed exploit summary: This repository contains a functional SQL injection exploit for CVE-2025-10042, targeting WordPress Quiz Maker plugin versions <= 6.7.0.56. The exploit uses time-based blind SQLi to extract admin credentials and hashes.

Description

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation in the 'download_language()' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application; these requests can be used to query and modify information from internal services.

Exploits (4)

github WORKING POC 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-0745

This repository contains a functional SQL injection exploit for CVE-2025-10042, targeting WordPress Quiz Maker plugin versions <= 6.7.0.56. The exploit uses time-based blind SQLi to extract admin credentials and hashes.

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress Quiz Maker <= 6.7.0.56
No auth needed
Prerequisites: target WordPress URL · path to quiz page · vulnerable header for injection
devstral-2 · analyzed Feb 27, 2026

nomisec SUSPICIOUS 2 stars
by blackhatlegend · poc
https://github.com/blackhatlegend/CVE-2026-0745

The repository claims to exploit CVE-2026-0745, an SSRF vulnerability in the User Language Switch WordPress plugin, but lacks actual exploit code. Instead, it directs users to an external download link (tinyurl.com), which is a common tactic for distributing malware or monetizing fake exploits.

Classification: Suspicious (90%)
Attack Type: SSRF
Complexity: Theoretical
Reliability: Theoretical
Target: User Language Switch WordPress plugin <= 1.6.10
Auth required
Prerequisites: Administrator-level access to the WordPress instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by HORKimhab · poc
https://github.com/HORKimhab/CVE-2026-0745

This repository contains a functional proof-of-concept exploit for CVE-2026-0745, demonstrating an SSRF vulnerability in the User Language Switch WordPress plugin. The script automates login and triggers the SSRF via a crafted request to admin-ajax.php.

Classification: Working PoC (95%)
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: User Language Switch WordPress plugin
Auth required
Prerequisites: WordPress installation with User Language Switch plugin · valid admin credentials
devstral-2 · analyzed May 15, 2026

nomisec STUB
by NetVanguard-cmd · poc
https://github.com/NetVanguard-cmd/CVE-2026-0745

The repository contains only a README.md file with minimal content (just the CVE identifier) and no exploit code or technical details. It appears to be a placeholder or incomplete submission.

Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Apr 19, 2026

Scores

CVSS v3: 5.5
EPSS: 0.0001
EPSS Percentile: 1.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-918
Status: published
Products (1): webilop/User Language Switch < 1.6.10
Published: Feb 14, 2026
Tracked Since: Feb 18, 2026