CVE-2022-3036 Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting

2022-09-1914:01:06

CWE-79

WPScan

www.cve.org

cve-2022-3036; gettext; translations; wordpress; stored cross-site scripting; admin; settings; high privilege users; unfiltered_html capability

EPSS

0.001

Percentile

24.8%

JSON

The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CNA Affected

[
  {
    "product": "Gettext override translations",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/0dbc85dd-736c-492e-9db8-acb7195771aa

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2022-3036