Vulnerability CVE-2021-24911


Published: 2022-08-22

Description:
The Transposh WordPress Translation plugin for WordPress before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which triggers in the admin dashboard of the plugin. The minimum role needed to perform such an attack depends on the plugin's "Who can translate ?" setting.

See advisories in our WLB2 database:
Topic: Transposh WordPress Translation 1.0.7 Cross Site Scripting (Low)
Author: Julien Ahrens
Date: 01.08.2022

Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

References:
https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55

Copyright 2024, cxsecurity.com
