3 matches found
CVE-2024-8514
CVE-2024-8514 : The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to authenticated PHP Object Injection via deserialization of input in the prisna_import parameter for versions up to and including 1.4.11. An attacker with Administrator-level access could inject a PHP o...
CVE-2024-12679
The CVE-2024-12679 affects the Prisna GWT WordPress plugin and is due to inadequate sanitisation/escaping of certain settings in versions before 1.4.14. This can enable admin-level Stored XSS even when unfiltered_html is disallowed (e.g., multisite). The impact is stored XSS with potential privil...
CVE-2024-12680
CVE-2024-12680 affects the WordPress plugin Prisna GWT (Prisna GWT WordPress plugin) prior to 1.4.14. The issue stems from insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multis...