CVE-2026-54805
Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
falang multilanguage to 1.4.2 (inc)
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Executive Summary

CVE-2026-54805 is a high-priority Privilege Escalation vulnerability found in the WordPress Falang multilanguage Plugin versions 1.4.2 and earlier.

This flaw allows attackers who have low-privilege accounts, such as Subscriber accounts, to escalate their access rights to higher privileges, potentially gaining full control over the affected website.

The root cause of the vulnerability is an identification and authentication failure, which is categorized under OWASP Top 10 A7.

Impact Analysis

If exploited, this vulnerability can allow an attacker with minimal access to take over the entire website.

  • Attackers can escalate their privileges from Subscriber to administrator level.
  • Full control of the website can lead to unauthorized changes, data theft, or site defacement.
  • The vulnerability is highly dangerous and likely to be exploited in widespread attacks targeting thousands of websites.

Detection Guidance

The vulnerability affects WordPress sites running the Falang multilanguage plugin version 1.4.2 or earlier. Detection involves verifying the plugin version installed on your system.

You can check the plugin version by accessing your WordPress admin dashboard under Plugins, or by running commands on the server to inspect the plugin files.

  • Use the WP-CLI command to list plugin versions: wp plugin list | grep falang
  • Check the plugin version in the plugin's main PHP file, e.g., grep 'Version' wp-content/plugins/falang-multilanguage/falang.php

Additionally, monitoring for suspicious privilege escalation attempts or unusual account activity related to Subscriber roles may help detect exploitation attempts.
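
The version check above can be scripted across many sites. The following is an added example, not code from the advisory or the plugin: it reads the Version header from the plugin's main file and classifies the install against the affected range (<= 1.4.2). The default path is taken from the grep example above and is an assumption to adjust per site; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the advisory or the plugin's code.
LAST_AFFECTED="1.4.2"   # advisory: <= 1.4.2 affected, 1.4.3 fixed
# Assumption: path copied from the page's grep example; adjust per site.
DEFAULT_FILE="wp-content/plugins/falang-multilanguage/falang.php"

# Print the "Version:" value from a WordPress plugin header comment.
plugin_version() {
    sed -n 's/^[[:space:]*#]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*/\1/p' "$1" |
        head -n 1
}

# Succeed when dotted version $1 <= $2, comparing each field numerically
# (so 1.10.0 is newer than 1.4.2, which a plain string compare gets wrong).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 0
    }'
}

# Print "vulnerable <ver>", "patched <ver>" or "unknown" for one plugin file.
check_falang() {
    [ -r "$1" ] || { echo "unknown"; return 0; }
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_le "$v" "$LAST_AFFECTED"; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# Check every file given on the command line, or the default path.
[ "$#" -gt 0 ] || set -- "$DEFAULT_FILE"
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_falang "$f")"
done
```

An "unknown" result means the file was missing or had no Version header, so it should be checked by hand and not counted as patched.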

Mitigation Strategies

The immediate and recommended mitigation is to update the Falang multilanguage plugin to version 1.4.3 or later, where the vulnerability is patched.

If updating immediately is not possible, apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Users unable to update or apply mitigation rules should seek assistance from their hosting provider or web developer to secure their site.

Compliance Impact

This vulnerability allows attackers with low-privilege accounts to escalate their privileges and potentially gain full control of the website. Such unauthorized access and control can lead to exposure, alteration, or destruction of sensitive data.

As a result, organizations using the vulnerable Falang multilanguage plugin may face challenges in maintaining compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

Failure to address this vulnerability could lead to data breaches or unauthorized data manipulation, which are reportable incidents under these regulations and could result in legal and financial penalties.
