CVE-2021-24594

CVE-2021-24594: Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Translate WordPress – Google Language Translator
Weakness CWE-79 · XSS
Published November 8, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Key dates

02Disclosure timeline

November 8, 2021 CVE published
August 3, 2024 Record updated