Vulnerabilities > CVE-2021-24610 - Unspecified vulnerability in Cozmoslabs Translatepress
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/164306/WordPress-TranslatePress-2.0.8-Cross-Site-Scripting.html
- http://packetstormsecurity.com/files/164306/WordPress-TranslatePress-2.0.8-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/b87fcc2f-c2eb-4e23-9757-d1c590f26d3f
- https://wpscan.com/vulnerability/b87fcc2f-c2eb-4e23-9757-d1c590f26d3f