TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
CVE-2021-24610
4.8MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 27 September 2021
What is CVE-2021-24610?
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.
Affected Version(s)
Translate Multilingual sites – TranslatePress 2.0.9