CVSSv3: 4.8

CVE-2021-24610

Published: 27/09/2021 Updated: 04/10/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 312
Vector (CVSS v2): AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

The TranslatePress WordPress plugin prior to 2.0.9 does not properly sanitise translated strings. The 'trp_sanitize_string' function only strips script tags with a regular expression, leaving other HTML tags and attributes that can execute JavaScript, which could lead to authenticated Stored Cross-Site Scripting issues.

Vulnerable Product

cozmoslabs translatepress

Exploits

WordPress TranslatePress plugin version 2.0.8 suffers from a persistent cross-site scripting vulnerability ...

Github Repositories

- Learn Source Code Review: learning source code review, spotting vulnerabilities, and finding ways to fix them.
  - WordPress Plugin Authenticated Stored XSS on Custom text for the floating widget field - Translate WordPress – Google Language Translator
  - Translate Multilingual sites - TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting - CVE-2021-24610
  - Crowdsign