Impact
The Force Update Translations plugin for WordPress contains a Cross‑Site Request Forgery (CSRF) vulnerability that allows an attacker to send forged requests to the site using an authenticated user's credentials. If exploited, the attacker can modify or delete site content, adjust settings, or otherwise perform any action that the logged‑in user is permitted to perform, thereby compromising the integrity of the website.
Affected Systems
The vulnerable plugin, Force Update Translations by Mayo Moriyama, is affected in all releases from the initial build up to and including version 0.5. The CVE entry does not list a fixed version beyond 0.5, so any installation of the plugin at version 0.5 or older remains vulnerable.
Risk and Exploitability
The CVSS score of 4.3 indicates a medium-severity issue, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. It is inferred that the attacker must have access to a valid session cookie or persuade an authorized user to perform the action. The likely attack vector requires an authenticated WordPress user to be tricked into visiting a maliciously crafted link that submits a forged request on the site’s behalf. Because the flaw relies on CSRF, an effective defense is to ensure proper nonce validation on all state‑changing requests.
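One way to apply the nonce validation described above to a state-changing WordPress admin action, as an added example that is not code from the plugin or from the CVE entry. Every `example_` name, the form, the redirect target and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added example: hypothetical names, not the Force Update Translations code.
const EXAMPLE_ACTION      = 'example_update_translations'; // hypothetical action name
const EXAMPLE_NONCE_FIELD = 'example_nonce';               // hypothetical field name

// Form side: wp_nonce_field() emits a hidden token bound to the current
// user, their session and this specific action string.
function example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_ACTION, EXAMPLE_NONCE_FIELD ); ?>
        <?php submit_button( 'Update translations' ); ?>
    </form>
    <?php
}

// Handler side: reject the request unless method, capability and nonce all pass.
function example_handle_update() {
    // 1. State changes are accepted over POST only, never from a plain link.
    if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed.', '', array( 'response' => 405 ) );
    }

    // 2. Authorization: a nonce proves intent, not permission.
    //    'manage_options' is an assumed capability for this example.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 3. CSRF check: the token must be present and valid for this action.
    $nonce = isset( $_POST[ EXAMPLE_NONCE_FIELD ] )
        ? sanitize_text_field( wp_unslash( $_POST[ EXAMPLE_NONCE_FIELD ] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, EXAMPLE_ACTION ) ) {
        wp_die( 'Invalid or expired request token.', '', array( 'response' => 403 ) );
    }

    // 4. Only now perform the state-changing work (omitted here), then redirect.
    wp_safe_redirect( admin_url( 'tools.php' ) );
    exit;
}

// admin_post_{action} fires for logged-in users only; no nopriv hook is registered.
add_action( 'admin_post_' . EXAMPLE_ACTION, 'example_handle_update' );
```

A cross-site form or link cannot supply a valid value for the nonce field, so the forged request stops at step 3 even though the victim's session cookie is sent with it.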