Lucene search
K

48 matches found

OSV
OSV
added 2021/09/27 4:15 p.m.4 views

CVE-2021-24610

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...

4.8CVSS5.9AI score0.05432EPSS
Exploits5References2
Prion
Prion
added 2021/09/27 4:15 p.m.26 views

Cross site scripting

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...

3.5CVSS4.8AI score0.05432EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2021/09/27 3:25 p.m.17 views

CVE-2021-24610 TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored...

5.1AI score0.05432EPSS
Exploits5References2
CVE
CVE
added 2021/09/27 3:25 p.m.81 views

CVE-2021-24610

The CVE-2021-24610 entry concerns the WordPress TranslatePress plugin (pre-2.0.9). The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) caused by insufficient sanitisation in the translation pipeline: the trp_sanitize_string function only removes script tags via regex, permitti...

4.8CVSS4.8AI score0.05432EPSS
Exploits5References2Affected Software1
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.6 views

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin TranslatePress, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute...

4.8CVSS5.1AI score0.05432EPSS
Exploits5References5
Patchstack
Patchstack
added 2021/08/30 12:0 a.m.22 views

WordPress TranslatePress plugin <= 2.0.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Nosa Shandy in WordPress TranslatePress plugin versions = 2.0.8. Solution Update the WordPress TranslatePress plugin to the latest available version at least 2.0.9...

4.8CVSS1.8AI score0.05432EPSS
Exploits5References3Affected Software1
wpexploit
wpexploit
added 2021/08/30 12:0 a.m.166 views

TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The plugin does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. As admin...

4.8CVSS0.1AI score0.05432EPSS
Exploits5References1
WPVulnDB
WPVulnDB
added 2021/08/30 12:0 a.m.28 views

TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

The plugin does not implement a proper sanitisation on the translated strings. The 'trpsanitizestring' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. PoC As...

4.8CVSS0.2AI score0.05432EPSS
Exploits5References1Affected Software1
Rows per page
Query Builder