Reflected XSS Vulnerability in GTranslate Plugin for WordPress
CVE-2020-11930

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Translate WordPress With Gtranslate
Vendor
CVE Published:
20 April 2020

What is CVE-2020-11930?

The GTranslate plugin for WordPress, prior to version 2.8.52, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This issue arises from the improper handling of user input when utilizing the hreflang tags feature within a sub-domain or sub-directory paid option. Attackers could exploit this vulnerability by crafting a malicious link that, when clicked, embeds malicious scripts within the web page, potentially compromising user data and web application integrity.

References

https://wordpress.org/plugins/gtranslate/#developers
x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/2245581/gtra...
x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/2245591/gtra...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.