CVE-2021-25103

The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the urladdon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires...

Cross site scripting

The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisi...

Cross site request forgery (csrf)

The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access t...

CVE-2022-0770

The Translate WordPress with GTranslate plugin for WordPress is affected by a CSRF vulnerability in versions before 2.9.9, due to missing CSRF checks in certain files. This flaw can cause the plugin to write debug data such as a user’s cookies to publicly accessible files when a specific paramete...