Google Language Translator Plugin Vulnerable to Reflected Cross-Site Scripting
CVE-2021-4452
5.4 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 16 October 2024
Summary
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting that puts authenticated users at risk. The flaw is reachable through multiple parameters that lack sufficient input sanitization and output escaping. An attacker can use it to inject arbitrary web scripts, which execute when a user is tricked into following a crafted link. The issue is of particular concern for users of older web browsers, which may not adequately handle URL encoding and so increase the chance of successful exploitation.
Affected Version(s)
Translate WordPress – Google Language Translator * < 6.0.10
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ramuel Gall