Reflected XSS in GTranslate Pro and GTranslate Enterprise < 2.8.65
CVE-2021-34630

5MEDIUM

Key Information:

Vendor: Translate Ai Multilingual Solutions
Status: Gtranslate Pro And Gtranslate Enterprise
Vendor: CVE Published:; 30 July 2021

🔔 Create Translate Ai Multilingual Solutions Vulnerability Alert

What is CVE-2021-34630?

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GTranslate Pro and GTranslate Enterprise 2.8.65

References

https://plugins.svn.wordpress.org/gtranslate/tags/2.8.64/...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2021
Vulnerability Reserved
Jun 10, 2021

JSON

Translate Ai Multilingual Solutions