{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0745", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-08T18:43:02.867Z", "datePublished": "2026-02-14T06:42:27.887Z", "dateUpdated": "2026-04-16T13:53:08.235Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:31.409Z"}, "affected": [{"vendor": "webilop", "product": "User Language Switch", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.6.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'download_language()' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "title": "User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8d15be-6a7b-485e-a338-ccf1a6eb226c?source=cve"}, {"url": "https://downloads.wordpress.org/plugin/user-language-switch.zip"}, {"url": "https://wordpress.org/plugins/user-language-switch/"}, {"url": "https://plugins.trac.wordpress.org/browser/user-language-switch/trunk/uls-options.php#L451"}, {"url": "https://plugins.trac.wordpress.org/browser/user-language-switch/tags/1.6.10/uls-options.php#L451"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Bhumividh Treloges"}], "timeline": [{"time": "2026-02-13T18:30:57.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T13:52:58.344894Z", "id": "CVE-2026-0745", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:53:08.235Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:52:58.344894Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T15:39:12.496Z"}}], "cna": {"title": "User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Bhumividh Treloges"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "webilop", "product": "User Language Switch", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.6.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-13T18:30:57.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8d15be-6a7b-485e-a338-ccf1a6eb226c?source=cve"}, {"url": "https://downloads.wordpress.org/plugin/user-language-switch.zip"}, {"url": "https://wordpress.org/plugins/user-language-switch/"}, {"url": "https://plugins.trac.wordpress.org/browser/user-language-switch/trunk/uls-options.php#L451"}, {"url": "https://plugins.trac.wordpress.org/browser/user-language-switch/tags/1.6.10/uls-options.php#L451"}], "descriptions": [{"lang": "en", "value": "The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'download_language()' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:31.409Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0745", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:53:08.235Z", "dateReserved": "2026-01-08T18:43:02.867Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-14T06:42:27.887Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'download_language()' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."}, {"lang": "es", "value": "El plugin User Language Switch para WordPress es vulnerable a falsificaci\u00f3n de petici\u00f3n del lado del servidor en todas las versiones hasta la 1.6.10, inclusive, debido a la falta de validaci\u00f3n de URL en la funci\u00f3n 'download_language()'. Esto hace posible que atacantes autenticados, con acceso de nivel de Administrador y superior, realicen peticiones web a ubicaciones arbitrarias originadas desde la aplicaci\u00f3n web y puede utilizarse para consultar y modificar informaci\u00f3n de servicios internos."}], "id": "CVE-2026-0745", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-02-14T07:16:09.113", "references": [{"source": "security@wordfence.com", "url": "https://downloads.wordpress.org/plugin/user-language-switch.zip"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/user-language-switch/tags/1.6.10/uls-options.php#L451"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/user-language-switch/trunk/uls-options.php#L451"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/user-language-switch/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8d15be-6a7b-485e-a338-ccf1a6eb226c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.10]"}}], "product": "user_language_switch", "vendor": "webilop"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T20:38:50.250410+00:00", "value": {"mitigation_remediation": ["Update the User Language Switch plugin to any version newer than 1.6.10.", "If an immediate update is not possible, disable or uninstall the plugin until a secure version is available.", "Reduce the number of users with Administrator credentials and enforce least\u2011privilege policies; additionally, monitor or restrict the server\u2019s outbound network traffic to prevent unintended internal requests."], "summary": {"action": "Patch Now", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the User Language Switch plugin distributed by webilop and run version 1.6.10 or earlier are affected. Versions newer than 1.6.10 are not listed as vulnerable.", "description_and_impact": "The User Language Switch plugin for WordPress contains a server\u2011side request forgery flaw that allows a user with Administrator privileges to supply any URL to an internal function. The missing validation enables the application to fetch data from arbitrary locations, including internal services, and may read or modify those services. This flaw reflects the input validation weakness identified by CWE\u2011918.", "risk_and_exploitability": "The overall severity, measured by the CVSS score of 5.5, is moderate. The low estimation of exploitation likelihood (under 1%) combined with the absence of a public exploitation record suggests that successful attacks are unlikely without direct access. Attackers still need Administrator rights and the target must be reachable from the web server, so internal administrators with excessive privileges become a key risk factor."}}}}, "created": "2026-02-16T12:02:19.270270+00:00", "updated": "2026-04-15T20:45:06.385615+00:00", "vendors": ["webilop", "webilop$PRODUCT$user_language_switch", "wordpress", "wordpress$PRODUCT$wordpress"]}