The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. The vulnerability was due to outputting the WordPress add_query_arg function without prior escaping.
CPE | Name | Operator | Version |
---|---|---|---|
gtranslate | lt | 2.8.52 |