CVE-2026-0745
📋 TL;DR
The User Language Switch WordPress plugin contains a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated administrators to make arbitrary web requests from the server. This can be used to query or modify internal services that are normally inaccessible from external networks. All WordPress sites using this plugin up to version 1.6.10 are affected.
💻 Affected Systems
- User Language Switch WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal services, exfiltrate data from internal networks, or pivot to attack other internal systems.
Likely Case
Information disclosure from internal services, reconnaissance of internal network structure, or limited data modification.
If Mitigated
Limited impact if network segmentation restricts internal service access and proper authentication controls are in place.
🎯 Exploit Status
Exploitation requires administrator credentials but is straightforward once authenticated. The vulnerability is in a publicly accessible function with minimal validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.11 or later
Vendor Advisory: https://wordpress.org/plugins/user-language-switch/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'User Language Switch' and click 'Update Now'. 4. Alternatively, download latest version from WordPress plugin repository and manually upload via FTP.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate user-language-switch
Restrict Admin Access
allImplement strict access controls and monitoring for administrator accounts
🧯 If You Can't Patch
- Implement network segmentation to restrict the WordPress server from accessing internal services
- Deploy a web application firewall (WAF) with SSRF protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → User Language Switch version. If version is 1.6.10 or lower, you are vulnerable.Check Version:
wp plugin get user-language-switch --field=versionVerify Fix Applied:
After updating, verify plugin version shows 1.6.11 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from WordPress server to internal IP addresses
- Multiple failed authentication attempts on admin accounts
- Requests to /wp-admin/admin-ajax.php with 'download_language' action
Network Indicators:
- WordPress server making unexpected HTTP requests to internal services
- Traffic to non-standard ports from WordPress server
SIEM Query:
source="wordpress.logs" AND (action="download_language" OR uri="/wp-admin/admin-ajax.php") AND (dest_ip=10.* OR dest_ip=172.16.* OR dest_ip=192.168.*)🔗 References
- https://downloads.wordpress.org/plugin/user-language-switch.zip
- https://plugins.trac.wordpress.org/browser/user-language-switch/tags/1.6.10/uls-options.php#L451
- https://plugins.trac.wordpress.org/browser/user-language-switch/trunk/uls-options.php#L451
- https://wordpress.org/plugins/user-language-switch/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8d15be-6a7b-485e-a338-ccf1a6eb226c?source=cve
