Timwhitlock Loco Translate
2 CVEs affecting Timwhitlock Loco Translate. Latest disclosed: 2026-05-05. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-4146 | Medium | 6.1 | 2026-03-31 | The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter in all versions up to, and including, 2… |
CVE-2026-1921 | Medium | 4.9 | 2026-05-05 | The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This is d… |