RSS   Podatności dla
'Translate wordpress with gtranslate'
   RSS

2022-03-28
 
CVE-2022-0770

CWE-352
 

 
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page

 
2022-02-07
 
CVE-2021-25103

CWE-79
 

 
The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY

 
2020-04-20
 
CVE-2020-11930

CWE-79
 

 
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.

 

 >>> Vendor: Gtranslate 2 Produkty
Translate wordpress with gtranslate
Google language translator


Copyright 2024, cxsecurity.com

 

Back to Top