wagtail is vulnerable to Improper Access Control
43
Medium Risk
The simple_translation submission view does not verify page or snippet edit permissions before creating translations. A low-privileged user holding the Can submit translation permission can create translations for any page, including pages they cannot otherwise edit. This allows unauthorized creation of translated page content. The fix adds page edit and snippet permission policy checks to the submission view.
You are affected if you are using a version that falls within the vulnerable range and use the simple_translation app.
wagtail is vulnerable to Improper Access Control in versions 0.0.1 - 7.0.7, 7.1.0 - 7.3.2 and 7.4.0 - 7.4.1.
Upgrade the wagtail library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant