Lucene search
GauravWPVDB-ID:41DFDDB3-0901-4135-9E50-0AA39A851916HistoryApr 20, 2020 - 12:00 a.m.
GTranslate < 2.8.52 - Unauthenticated Reflected Cross Site Scripting (XSS)
2020-04-2000:00:00
Gaurav
wpscan.com
7
The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. The vulnerability was due to outputting the WordPress add_query_arg function without prior escaping.
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| gtranslate | lt | 2.8.52 |
Related
cve
cve
CVE-2020-11930
2020-04-20 01:15:00
nuclei
nuclei
WordPress GTranslate <2.8.52 - Cross-Site Scripting
2021-06-21 08:41:20
openvas
openvas
WordPress GTranslate Plugin < 2.8.52 XSS Vulnerability
2020-04-19 00:00:00
patchstack
patchstack
wpexploit
wpexploit
GTranslate < 2.8.52 - Unauthenticated Reflected Cross Site Scripting (XSS)
2020-04-20 00:00:00
prion
prion
Cross site scripting
2020-04-20 01:15:00
checkpoint_advisories
checkpoint_advisories
Related for WPVDB-ID:41DFDDB3-0901-4135-9E50-0AA39A851916