Impact
An authenticated user holding a subscriber role can exploit a flaw in the Falang Multilanguage plugin, enabling them to perform actions reserved for higher‑privileged users. This results in unauthorized access to content, configuration options, or other administrative functions that can lead to data disclosure, tampering, or service disruption.
Affected Systems
The Falang Multilanguage plugin for WordPress, developed by sbouey, is affected in all releases up to and including version 1.4.2. WordPress sites that have not upgraded to at least 1.4.3 are vulnerable.
Risk and Exploitability
The vulnerability has a CVSS score of 8.8, indicating high severity. The EPSS score is currently unavailable, but the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an authenticated web‑based interaction: any user who can log into the site and holds the subscriber role can trigger the escalation. Successful exploitation would result in elevated privileges, giving the attacker the ability to modify site content, configurations, or user roles.
OpenCVE Enrichment