CVE-2025-10008: 
WordPress vulnerability analysis and mitigation

The Translate WordPress and go Multilingual – Weglot plugin for WordPress contains a vulnerability (CVE-2025-10008) discovered in October 2025. The vulnerability affects all versions up to and including 5.1, and is characterized by a missing capability check on the 'clean_options' function. This security flaw has been assigned a CVSS v3.1 base score of 5.3 (Medium) (Wordfence).

The vulnerability stems from a missing authorization check in the 'clean_options' function, which is classified as CWE-862 (Missing Authorization). The vulnerability allows unauthenticated access to certain plugin functionality, with a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

When exploited, the vulnerability enables unauthenticated attackers to delete limited transients that contain cached plugin options. This unauthorized data deletion capability could affect the plugin's functionality and cached settings (Wordfence).

Users should update their Weglot plugin to a version newer than 5.1 once available. The vulnerability has been identified and documented in the WordPress plugin repository (WordPress).