Product
A Cross-Site Request Forgery vulnerability (CVE-2026-15005) in the WordPress Loco Translate plugin, affecting all versions up to 2.8.5, allows unauthenticated attackers to achieve remote code execution by tricking an administrator into clicking a malicious link, leading to arbitrary PHP code execution via `php://filter` stream wrapper abuse.