What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Polylang support for Customizer (add-polylang-support-for-customizer) allows Cross Site Request Forgery. This issue affects Add Polylang support for Customizer: from n/a through <= 1.4.5.
Explanation of Vulnerability in Simple Terms
02 Summary
A cross-site request forgery (CSRF) vulnerability in Add Polylang support for Customizer versions up to 1.4.5 allows an attacker to perform unwanted actions on behalf of a logged-in user. The vulnerability requires the user to visit a malicious webpage while authenticated. No confidentiality impact occurs, but site settings or content may be modified without authorization.
What an attacker can do
03 Attacker Capabilities
Perform unwanted actions (modify settings or content) on behalf of a logged-in site user.
Potential impact on your site
04 Site Impact
Site settings or content could be altered by an attacker without your knowledge if a logged-in user visits a malicious link.
Conditions required to exploit
05 Prerequisites
Victim must be logged in and visit an attacker-controlled webpage while authenticated to the site.
Key dates
06 Disclosure timeline
January 22, 2026: CVE published
April 28, 2026: Record updated