Home / Vulnerability Intelligence / CVE-2026-0745

CVE-2026-0745 - Vulnerability Analysis

HighCVSS: 7.2

Last Updated: February 14, 2026

WordPress User Language Switch - Server-Side Request Forgery

Published: February 14, 2026Updated: February 14, 2026PoC AvailableRemote Exploitable

Overview

WordPress User Language Switch plugin <= 1.6.10 contains a server-side request forgery caused by missing URL validation in the 'download_language()' function, letting authenticated administrators make arbitrary web requests, exploit requires administrator privileges.

Severity & Score

Severity: High

CVSS Score: 7.2

EPSS Score: 3.0%(Probability of exploitation in next 30 days)

Impact

Authenticated administrators can make arbitrary web requests, potentially querying and modifying internal service information.

Mitigation

Update to a version later than 1.6.10 or the latest available version.

References

Social Media Activity(2 posts)

Offensive Sequence

@offseq

Feb 15, 2026

SSRF vulnerability (HIGH, CVE-2026-0745) in WordPress User Language Switch plugin (all versions). Admin-level users can access internal services. Audit, limit admin access, and monitor for suspicious requests. No patch yet. https://radar.offseq.com/threat/cve-2026-0745-cwe-918-server-side-request-forgery--d2649c34 #OffSeq #WordPress #SSRF

View original post

Offensive Sequence

@offseq

Feb 15, 2026

View original post

GitHub Repositories(1 repo)

https://github.com/blackhatlegend/CVE-2026-0745

Related Resources

Details

CVE ID: CVE-2026-0745
Severity: High
CVSS Score: 7.2
Type: server_side_request_forgery
Status: new
EPSS: 3.0%
Social Posts: 2

CWE

CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS Score

3.0%Probability of exploitation in the next 30 days