| |
Vulnerability CVE-2021-24911
Published: 2022-08-22
| Description: |
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting. |
See advisories in our WLB2 database: | Topic | Author | Date |
Low |
| Julien Ahrens | 01.08.2022 |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References: |
https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
