2 matches found
CVE-2022-0765 Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add...
CVE-2022-0765
CVE-2022-0765 affects the WordPress Loco Translate plugin prior to version 2.6.1. A stored XSS exists because the plugin does not properly remove inline events from source translation strings before output in the editor, allowing authenticated users (Translator/Administrator by default) to inject...