CVE-2026-4146 | timwhitlock Loco Translate Plugin up to 2.8.2 on WordPress Parameter update_href cross site scripting

A vulnerability classified as problematic was found in timwhitlock Loco Translate Plugin up to 2.8.2 on WordPress. This affects an unknown part of the component Parameter Handler. The manipulation of the argument update_href results in cross site scripting.

This vulnerability is reported as CVE-2026-4146. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More