The theme does not have authorisation in the process_polylang_theme_translation_wp_loaded() function, which could allow unauthenticated attack to update translation settings, as well as import arbitrary translations
CPE | Name | Operator | Version |
---|---|---|---|
theme-translation-for-polylang | lt | 3.2.17 |