A vulnerability, which was classified as problematic, has been found in timwhitlock Loco Translate Plugin up to 2.8.5 on WordPress. The impacted element is the function
execTemplate of the component Template Executor. Performing a manipulation of the argument template results in cross-site request forgery.
This vulnerability is known as CVE-2026-15005. Remote exploitation of the attack is possible. No exploit is available.