Back to search
CVE-2021-24912
Published: Aug 22, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin
| Vendor | Product | Versions |
|---|---|---|
Unknown | Transposh WordPress Translation | affected 1.0.8 - < 1.0.8 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now