WordPress Plugin Vulnerabilities

Falang multilanguage < 1.3.40 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.

Affects Plugins

Plugin icon
falang
Fixed in 1.3.40

References

CVE
CVE-2023-37968

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
f7a27c63-f963-46fc-9587-04337ccb37bc

Timeline

Publicly Published
2023-07-17 (about 2 years ago)
Added
2023-07-17 (about 2 years ago)
Last Updated
2023-07-17 (about 2 years ago)

Other

Published
Title
Published
2022-04-25
Title
Tracked Tweets <= 0.2.9 - Stored Cross-Site Scripting via CSRF
Published
2025-06-12
Title
Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import
Published
2021-11-16
Title
Push Notifications for WordPress (Lite) < 6.0.1 - Settings Update via CSRF
Published
2025-03-11
Title
ZipList Recipe <= 3.1 - Cross-Site Request Forgery
Published
2024-07-17
Title
Cooked – Recipe Management < 1.8.0 - Cross-Site Request Forgery via cooked_get_recipe_ids