Vulnerability CVE-2021-24911


Published: 2022-08-22

Description:
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such an attack depends on the plugin "Who can translate ?" setting.

In our database, we found the following notes for this CVE:
Low
Title: Transposh WordPress Translation 1.0.7 Cross Site Scripting
Author: Julien Ahrens
Date: 01.08.2022

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

References:
https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55

Copyright 2024, cxsecurity.com

 
