2021-09-27 15:25:23
WPScan
PUBLISHED
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The trp_sanitize_string function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.