WordPress Transposh WordPress Translation plugin <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation' vulnerability

Unauthenticated Stored Cross-Site Scripting via 'tptranslation' vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.7...

CVE-2021-24911

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tptranslation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack...

CVE-2021-24911

The CVE relates to the Transposh WordPress Translation plugin for WordPress, affected versions prior to 1.0.8. The root cause is failure to sanitize and escape the tk0 parameter in the tp_translation AJAX action, allowing Stored Cross-Site Scripting. Impact is an XSS that can trigger in the plugi...

CVE-2021-24911 Transposh WordPress Translation < 1.0.8 - Stored Cross-Site Scripting

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tptranslation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack...

Transposh WordPress Translation 1.0.7 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Scripting CWE-79 Date found: 2021-08-19 Date published:...