| |
Podatność CVE-2021-24911
Publikacja: 2022-08-22
| Opis: |
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting. |
W naszej bazie, znaleźliśmy następujące noty dla tego CVE: | Tytuł | Autor | Data |
Low |
| Julien Ahrens | 01.08.2022 |
Typ:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Referencje: |
https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English