5 matches found
WordPress Transposh WordPress Translation plugin <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp vulnerability
Reflected Cross-Site Scripting via tptp vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.7...
CVE-2021-24910
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24910.yaml...
CVE-2021-24910 Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...
CVE-2021-24910
The CVE-2021-24910 entry concerns the WordPress plugin Transposh Translation (before 1.0.8). Affected component: the plugin’s AJAX action, which unsafely outputs the unescaped value of the a parameter back in the response. Root cause: insufficient sanitisation/escaping of user input in the tp_tp ...
Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability (2)
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tptp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application...