Filtered by vendor Gtranslate
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0770 | 1 Gtranslate | 1 Translate Wordpress With Gtranslate | 2022-04-04 | 6.8 MEDIUM | 8.8 HIGH |
| The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page | |||||
| CVE-2021-25103 | 1 Gtranslate | 1 Translate Wordpress With Gtranslate | 2022-02-10 | 2.6 LOW | 4.7 MEDIUM |
| The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY | |||||
| CVE-2021-24594 | 1 Gtranslate | 1 Google Language Translator | 2021-11-10 | 3.5 LOW | 4.8 MEDIUM |
| The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-34630 | 1 Gtranslate | 1 Gtranslate | 2021-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution. | |||||
| CVE-2020-11930 | 1 Gtranslate | 1 Translate Wordpress With Gtranslate | 2020-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. | |||||
| CVE-2016-10870 | 1 Gtranslate | 1 Google Language Translator | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-language-translator plugin before 5.0.06 for WordPress has XSS. | |||||