CVE-2021-24911: Transposh WordPress Translation < 1.0.8 - Stored Cross-Site Scripting

Vendor: Unknown
Product: Transposh WordPress Translation
Weakness: CWE-79 (XSS)
Published: August 22, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The Transposh WordPress Translation plugin for WordPress before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting that triggers in the plugin's admin dashboard. The minimum role needed to perform such an attack depends on the plugin's "Who can translate ?" setting.

Key dates

02 Disclosure timeline

August 22, 2022: CVE published
August 3, 2024: Record updated