Vulnerabilities > Gtranslate

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2021-4452 Cross-site Scripting vulnerability in Gtranslate Google Language Translator
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping.
network
low complexity
gtranslate CWE-79
5.4
2023-09-25 CVE-2023-4502 Unspecified vulnerability in Gtranslate Translate Wordpress With Gtranslate
The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
gtranslate
4.8
2022-03-28 CVE-2022-0770 Unspecified vulnerability in Gtranslate Translate Wordpress With Gtranslate
The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them.
network
low complexity
gtranslate
8.8
2022-02-07 CVE-2021-25103 Cross-site Scripting vulnerability in Gtranslate Translate Wordpress With Gtranslate
The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.
network
high complexity
gtranslate CWE-79
4.7
2021-11-08 CVE-2021-24594 Unspecified vulnerability in Gtranslate Google Language Translator
The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
low complexity
gtranslate
4.8
2021-07-30 CVE-2021-34630 Improper Encoding or Escaping of Output vulnerability in Gtranslate
In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI'].
network
low complexity
gtranslate CWE-116
6.1
2020-04-20 CVE-2020-11930 Cross-site Scripting vulnerability in Gtranslate Translate Wordpress With Gtranslate
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link.
network
low complexity
gtranslate CWE-79
6.1
2019-08-13 CVE-2016-10870 Cross-site Scripting vulnerability in Gtranslate Google Language Translator
The google-language-translator plugin before 5.0.06 for WordPress has XSS.
network
low complexity
gtranslate CWE-79
6.1