CVE-2021-24910
Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 1.3%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
22 Aug 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
Affected products
Unknown · Transposh WordPress TranslationWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →