Security Advisory

CVE-2021-24721

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2021-11-08 17:35:14
Last updated: 2024-08-03 19:42:16
Assigner: WPScan
State: PUBLISHED

Description

The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs that are saved to a file. The file can be renamed to have an extension ending in .php, which allows authenticated "translator" users to inject PHP code into files ending with .php in web-accessible locations.