CVE-2026-0735
BaseFortify
Publication date: 2026-02-14
Last updated on: 2026-02-18
Assigner: Wordfence
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'tab_color_picker_language_switch' parameter in all versions up to and including 1.6.10. The cause is insufficient input sanitization when the value is saved combined with insufficient output escaping when it is rendered into a page.
An authenticated attacker with administrator-level access or higher can use it to store arbitrary web script in a page; the script then executes in the browser of any user who loads that page.
This only matters on multi-site WordPress installations and on installations where the 'unfiltered_html' capability has been disabled. On a default single-site install an administrator already holds 'unfiltered_html' and can place script in pages legitimately, so the flaw grants nothing new there. On multisite, site administrators deliberately lack that capability (only super admins have it), which is what makes this an actual privilege boundary bypass.
How can this vulnerability impact me?
An administrator-level account, or a compromised one, can store script that runs in the browser of every user who views the affected page, including other administrators and, on a network, super admins.
The impact includes theft of sensitive information, session hijacking, actions performed in the victim's name (requests that carry the victim's cookies and nonces), and defacement. Script that runs in a super admin's session can reach network-wide settings the attacker could not touch directly.
Because exploitation requires high privileges and is only meaningful where 'unfiltered_html' has been withheld from administrators, the overall risk is limited, but it is real in exactly those environments: the capability was withheld precisely to stop this kind of script injection.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is a stored XSS via the 'tab_color_picker_language_switch' parameter of the User Language Switch WordPress plugin, versions up to and including 1.6.10. Detection has two parts: confirm whether an affected version is installed, and check whether a payload has already been stored in that setting.
Because the setting is saved by an authenticated administrator through the plugin's admin form (a POST request), a plain access-log search will usually miss the payload: request bodies are not logged, and query-string values are URL-encoded. The stored value itself is the most reliable indicator.
- Check the installed version with WP-CLI (assuming the plugin slug is `user-language-switch`): `wp plugin list --format=json | jq '.[] | select(.name=="user-language-switch")'`
- Search web server logs for the parameter arriving with markup, raw or URL-encoded, e.g.: `grep -iE 'tab_color_picker_language_switch=[^& ]*(<|%3C)' /var/log/apache2/access.log` (this only catches GET submissions; treat a clean result as inconclusive)
- Inspect the value the plugin has stored for this setting (in the WordPress options table or the plugin's own table) and flag anything that is not a plain hex colour such as `#1e73be`; a legitimate colour-picker value never contains `<`, `"` or an `on...=` event handler.
- With a proxy tool or web vulnerability scanner, submit a benign marker string in the 'tab_color_picker_language_switch' field on the plugin's settings page and check whether it comes back unescaped in the rendered page.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediate steps include:
- Update the User Language Switch plugin to the first release that fixes the issue, if the vendor has published one; the advisory lists 1.6.10 as the last affected version, so anything at or below it is affected.
- Restrict administrator-level access to trusted users and protect those accounts (strong passwords, two-factor authentication), since exploitation requires authenticated admin privileges.
- If updating is not immediately possible, disable the plugin, or at least deactivate it on multi-site networks, where the missing 'unfiltered_html' capability is exactly the boundary this flaw crosses.
- Do not work around the issue by granting 'unfiltered_html' more widely: that capability is withheld from site administrators on multisite to keep arbitrary script out of pages, and granting it makes the injection permitted rather than safe.
- Audit the stored value of 'tab_color_picker_language_switch' and reset it to a plain hex colour if it contains anything else. If you maintain the plugin or a fork, fix it at the source: validate the value on save (WordPress core's `sanitize_hex_color()` as the `sanitize_callback` of `register_setting()`) and escape it on output with `esc_attr()`.
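The following PHP is an added illustration for this page, not code from the User Language Switch plugin. It shows the CWE-79 pattern the advisory describes (a colour-picker value rendered into a page unchanged) beside the hardened form (strict hex-colour allow-list on save, attribute escaping on output), plus an audit helper that flags a stored value that is not a plain colour. The `uls_` function names and the sample settings are assumptions; the plugin's real option name and rendering code are not documented here. The allow-list mirrors what WordPress core's `sanitize_hex_color()` accepts, reimplemented so the file runs without WordPress loaded.

```php
<?php
// Added illustration for CVE-2026-0735, not the plugin's own code.
// All uls_* names are hypothetical; the sample values below are constructed.

/**
 * Strict allow-list for a colour-picker value: "#rgb" or "#rrggbb" only.
 * Same acceptance rule as WordPress core's sanitize_hex_color(), written
 * out here so this file runs without WordPress loaded. Returns '' on reject.
 */
function uls_sanitize_hex_color(string $value): string
{
    $value = trim($value);
    if (preg_match('/\A#([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})\z/', $value)) {
        return $value;
    }
    return '';
}

/**
 * Vulnerable pattern (CWE-79): the stored value reaches the page untouched,
 * so a value like  "><script>...  closes the attribute and injects markup.
 */
function uls_render_tab_vulnerable(string $stored): string
{
    return '<span class="uls-tab" style="color: ' . $stored . '">EN</span>';
}

/**
 * Hardened pattern: validate against the allow-list first, fall back to a
 * safe default, and still escape for the attribute context on output.
 * The allow-list is the primary control; escaping alone would keep a
 * payload inside the attribute but not stop CSS-level tricks.
 */
function uls_render_tab_hardened(string $stored): string
{
    $color = uls_sanitize_hex_color($stored);
    if ($color === '') {
        $color = '#000000'; // safe default when the stored value is not a colour
    }
    $attr = htmlspecialchars($color, ENT_QUOTES, 'UTF-8');
    return '<span class="uls-tab" style="color: ' . $attr . '">EN</span>';
}

/**
 * Audit helper for an existing installation: given the plugin's saved
 * settings (key => value), return the keys whose value is not a plain hex
 * colour. Anything returned deserves a look for an already-stored payload.
 */
function uls_audit_colors(array $stored): array
{
    $findings = [];
    foreach ($stored as $key => $value) {
        if (uls_sanitize_hex_color((string) $value) === '') {
            $findings[] = $key;
        }
    }
    return $findings;
}

// Constructed sample values for the one parameter named in the advisory:
// a legitimate colour, an attribute-breakout payload, and a CSS-only trick
// that escaping would not neutralise but the allow-list rejects.
$samples = [
    'legitimate' => '#1e73be',
    'injected'   => '"><script>alert(document.domain)</script>',
    'css_trick'  => 'red; background: url(javascript:alert(1))',
];

foreach ($samples as $label => $value) {
    echo $label, "\n";
    echo "  vulnerable: ", uls_render_tab_vulnerable($value), "\n";
    echo "  hardened:   ", uls_render_tab_hardened($value), "\n";
}
echo "audit findings: ", implode(', ', uls_audit_colors($samples)), "\n";
```

Run it with `php` from the command line: the vulnerable renderer emits the payload verbatim, the hardened one falls back to the default colour for both bad inputs, and the audit returns the `injected` and `css_trick` keys while leaving `legitimate` alone. In a real plugin the same allow-list belongs in the `sanitize_callback` of `register_setting()` so the bad value never reaches the database at all.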