CVE-2026-15005 - Loco Translate <= 2.8.5 - Cross-Site Request Forgery to Remote Code Execution via 'template' Parameter
CVE ID :CVE-2026-15005 Published : July 16, 2026, 9:16 a.m. | 1 hour, 18 minutes ago Description :The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the...