CVE-2026-41690 Prototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parameters

18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that...

CVE-2026-0735

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-0745

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'downloadlanguage' function. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-0735 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tabcolorpickerlanguageswitch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-0735

CVE-2026-0735 corresponds to a vulnerability in WordPress Plugin User Language Switch (versions 1.6.10 or applying vendor-provided fixes. If other details (e.g., affected product/vendor, CVE scope) are necessary, they are not present in the supplied sources.

CVE-2026-0745 User Language Switch <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'downloadlanguage' function. This makes it possible for authenticated attackers, with Administrator-level access and above, ...

WordPress plugin User Language Switch 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-8067

The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'download language' function. This makes it possible for authenticated attackers, with Administrator-level access and above,...

WordPress plugin User Language Switch 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-8065

The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab color picker language switch' parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress User Language Switch plugin <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'tabcolorpickerlanguageswitch' Parameter vulnerability discovered by 0x34rth in WordPress Plugin User Language Switch versions = 1.6.10...

WordPress User Language Switch plugin <= 1.6.10 - Authenticated (Administrator+) Server-Side Request Forgery via 'info_language' Parameter vulnerability

Authenticated Administrator+ Server-Side Request Forgery via 'infolanguage' Parameter vulnerability discovered by 0x34rth in WordPress Plugin User Language Switch versions = 1.6.10...

EUVD-2005-3079

Malware in sbrugna...

EUVD-2008-3060

Malware in sbrugna...

EUVD-2025-24770

Malicious code in bioql PyPI...

CVE-2025-49064

CVE-2025-49064 concerns the WordPress plugin User Language Switch . The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Affected versions are: User Language Switch up to and including 1.6.10. External sources (PT Security...

CVE-2025-49064 WordPress User Language Switch plugin <= 1.6.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through = 1.6.10...

CVE-2025-49064 WordPress User Language Switch plugin <= 1.6.10 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS.This issue affects User Language Switch: from n/a through = 1.6.10...

WordPress plugin User Language Switch 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...