Lucene search
WPScanCVELIST:CVE-2022-0765HistoryApr 18, 2022 - 5:10 p.m.
CVE-2022-0765 Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-04-1817:10:35
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
24.9%
The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability.
CNA Affected
[
{
"product": "Loco Translate",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.1",
"status": "affected",
"version": "2.6.1",
"versionType": "custom"
}
]
}
]Related
packetstorm
packetstorm
WordPress Loco Translate Cross Site Scripting
2022-04-07 00:00:00
cve
cve
CVE-2022-0765
2022-04-18 18:15:08
patchstack
patchstack
wpvulndb
wpvulndb
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-03-22 00:00:00
nvd
nvd
CVE-2022-0765
2022-04-18 18:15:08
zdt
zdt
wpexploit
wpexploit
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-03-22 00:00:00
prion
prion
Cross site scripting
2022-04-18 18:15:00