{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9623", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-28T19:07:55.509Z", "datePublished": "2025-09-11T07:24:57.574Z", "dateUpdated": "2026-04-08T17:12:06.831Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:06.831Z"}, "affected": [{"vendor": "dontcare", "product": "Admin in English with Switch", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator language settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Admin in English with Switch <= 1.1 - Cross-Site Request Forgery", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ffb0980-75f8-4f6b-a0ed-2f65bc5aa103?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/admin-in-english-with-switch/tags/1.1/admin-in-english-with-switch.php#L106"}, {"url": "https://plugins.trac.wordpress.org/browser/admin-in-english-with-switch/tags/1.1/admin-in-english-with-switch.php#L113"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "timeline": [{"time": "2025-09-10T18:51:57.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T13:45:20.133394Z", "id": "CVE-2025-9623", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:38:35.681Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9623", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T13:45:20.133394Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T13:45:23.228Z"}}], "cna": {"title": "Admin in English with Switch <= 1.1 - Cross-Site Request Forgery", "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "dontcare", "product": "Admin in English with Switch", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-10T18:51:57.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ffb0980-75f8-4f6b-a0ed-2f65bc5aa103?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/admin-in-english-with-switch/tags/1.1/admin-in-english-with-switch.php#L106"}, {"url": "https://plugins.trac.wordpress.org/browser/admin-in-english-with-switch/tags/1.1/admin-in-english-with-switch.php#L113"}], "descriptions": [{"lang": "en", "value": "The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator language settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:12:06.831Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9623", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:12:06.831Z", "dateReserved": "2025-08-28T19:07:55.509Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-11T07:24:57.574Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator language settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9623", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-11T08:15:37.403", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/admin-in-english-with-switch/tags/1.1/admin-in-english-with-switch.php#L106"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/admin-in-english-with-switch/tags/1.1/admin-in-english-with-switch.php#L113"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ffb0980-75f8-4f6b-a0ed-2f65bc5aa103?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:59:14.969567+00:00", "value": {"mitigation_remediation": ["Upgrade the Admin in English with Switch plugin to a version newer than 1.1 if an update is available", "If no update exists, disable or uninstall the plugin from the WordPress installation", "Configure a Web\u2011Application Firewall or use WordPress security plugins to detect and block CSRF attempts on admin pages"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery enabling unauthenticated attackers to modify administrator language settings"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Admin in English with Switch plugin installed, version 1.1 or earlier. The plugin is distributed under the \u201cdontcare:Admin in English with Switch\u201d package name, and any site running any pre\u20111.2 release is vulnerable.", "description_and_impact": "The Admin in English with Switch plugin for WordPress suffers from a Cross\u2011Site Request Forgery flaw caused by missing or incorrect nonce validation on the enable_eng function. This vulnerability allows an unauthenticated attacker to craft a forged request and, if an administrator clicks a link, change language settings without knowledge of any credentials. The impact is the unauthorized alteration of configuration data, which can degrade the user experience, disrupt content management, or be used as a stepping stone for further social\u2011engineering attacks. The weakness is typical of a CSRF flaw (CWE\u2011352).", "risk_and_exploitability": "The CVSS score of 4.3 places this vulnerability in the low\u2011to\u2011medium range, and an EPSS score of less than 1% indicates negligible exploitation probability in the wild. The problem is not listed in the CISA KEV catalog, and there are no known active exploit campaigns. The probable attack vector involves an unauthenticated, web\u2011based request that a legitimate administrator may be tricked into executing by visiting a malicious link or clicking a disguised button. Once the attacker can make the request, the missing nonce verification will let the plugin change the language settings without further authentication."}}}}, "created": "2025-09-12T08:03:06.612357+00:00", "updated": "2026-04-21T03:00:06.384629+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}