Lucene search
WPScanCVELIST:CVE-2023-4502HistorySep 25, 2023 - 3:56 p.m.
CVE-2023-4502 Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS
2023-09-2515:56:55
WPScan
www.cve.org
wordpress
gtranslate
stored xss
vulnerability
multisite
0.0004 Low
EPSS
Percentile
14.1%
The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Translate WordPress with GTranslate",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "3.0.4"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS
2023-08-30 00:00:00
openvas
openvas
WordPress GTranslate Plugin < 3.0.4 XSS Vulnerability
2023-09-26 00:00:00
cve
cve
CVE-2023-4502
2023-09-25 16:15:15
nvd
nvd
CVE-2023-4502
2023-09-25 16:15:15
wpvulndb
wpvulndb
Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS
2023-08-30 00:00:00
prion
prion
Cross site scripting
2023-09-25 16:15:00