48 matches found
CVE-2021-24610
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...
Cross site scripting
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...
CVE-2021-24610 TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...
CVE-2021-24610
The CVE-2021-24610 entry concerns the WordPress TranslatePress plugin (pre-2.0.9). The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) caused by insufficient sanitisation in the translation pipeline: the trp_sanitize_string function only removes script tags via regex, permitti...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin TranslatePress, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute...
WordPress TranslatePress plugin <= 2.0.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Nosa Shandy in WordPress TranslatePress plugin versions = 2.0.8. Solution Update the WordPress TranslatePress plugin to the latest available version at least 2.0.9...
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
The plugin does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. As admin...
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
The plugin does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. PoC As...