CVE-2021-24911
CVE-2021-24911 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter of the tp_translation AJAX action, leading to Stored Cross-Site Scripting that triggers in the plugin's admin dashboard. The minimum role needed to perform such an attack depends on the plugin's "Who can translate ?" setting. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter of the tp_translation AJAX action, leading to Stored Cross-Site Scripting that triggers in the plugin's admin dashboard. The minimum role needed to perform such an attack depends on the plugin's "Who can translate ?" setting.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Transposh | Transposh Wordpress Translation | < 1.0.8 |
References
- https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55 (Exploit, Third Party Advisory)
Source: NVD / NIST
