Back to search
CVE-2021-24911
Published: Aug 22, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Transposh WordPress Translation | affected 1.0.8 - < 1.0.8 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now