The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/90067336-c039-4cbe-aa9f-5eab5d1e1c3d | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-02-07T15:47:21
Updated: 2022-02-07T15:47:20
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-25103
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-07T16:15:45.370
Modified: 2022-02-10T21:34:54.093
Link: CVE-2021-25103
JSON object: View
Redhat Information
No data.
CWE