WordPress Core, up to and including version 6.2, has a security vulnerability that could be exploited by unauthenticated attackers. This vulnerability allows them to access and load any translation file they choose. If an attacker is able to upload a malicious translation file, for example through an upload form, they could also use this vulnerability to launch a Cross-Site Scripting attack.