Security Advisory

CVE-2021-24911

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-22 14:56:13
Last updated 2024-08-03 19:49:14
Assigner WPScan
State PUBLISHED

Description

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting.