CVE-2021-24912: Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS

Vendor: Unknown
Product: Transposh WordPress Translation
Weakness: CWE-352 · CSRF
Published: August 22, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The Transposh WordPress Translation plugin before 1.0.8 has no CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Because the tk0 parameter is not sanitised, this could lead to a Stored Cross-Site Scripting issue that executes in the context of a logged-in admin.
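
A log-triage check for the request pattern described above, added here as an example (not code from the plugin or from this record): it flags tp_translation requests that lack a same-site Origin/Referer or that carry markup in tk0. The hostname, the record layout and the sample requests are constructed assumptions, and the check assumes the action is sent to WordPress's standard admin-ajax.php endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "blog.example.test"          # assumption: hostname of the protected site
AJAX_PATH = "/wp-admin/admin-ajax.php"   # standard WordPress AJAX endpoint
# Heuristic for HTML/script content in a value that should be plain translated text.
MARKUP = re.compile(r"<\s*[a-zA-Z/!]|\bon\w+\s*=|javascript:", re.I)

def origin_host(headers):
    """Host from Origin, falling back to Referer; None if absent or opaque ("null")."""
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).hostname
    return None

def triage(req):
    """Return findings for one logged request; an empty list means nothing to review."""
    url = urlsplit(req["url"])
    if url.path != AJAX_PATH:
        return []
    # Merge query-string and form-body parameters (percent-decoding included).
    params = parse_qs(url.query, keep_blank_values=True)
    for key, values in parse_qs(req.get("body", ""), keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    if "tp_translation" not in params.get("action", []):
        return []
    findings = []
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    host = origin_host(headers)
    if host is None:
        findings.append("no-origin")
    elif host.lower() != SITE_HOST:
        findings.append("cross-site-origin")   # request was triggered from another site
    if any(MARKUP.search(v) for v in params.get("tk0", [])):
        findings.append("markup-in-tk0")       # unsanitised value would be stored
    return findings

# Constructed sample records (not captured traffic).
URL = "https://blog.example.test/wp-admin/admin-ajax.php"
SAMPLES = [
    {"url": URL, "headers": {"Origin": "https://blog.example.test"},
     "body": "action=tp_translation&tk0=Bonjour"},
    {"url": URL, "headers": {"Origin": "https://other.example.test"},
     "body": "action=tp_translation&tk0=%3Cb%3Ehello%3C%2Fb%3E"},
    {"url": URL, "headers": {}, "body": "action=heartbeat"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["body"], "->", triage(sample))
```

Matches on sites still running a version before 1.0.8 are the ones worth following up by reviewing stored translations.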

Key dates

02 Disclosure timeline

August 22, 2022: CVE published
August 3, 2024: Record updated