Google Language Translator Plugin Vulnerable to Reflected Cross-Site Scripting
CVE-2021-4452

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Translate WordPress – Google Language Translator
Vendor
CVE Published:
16 October 2024

What is CVE-2021-4452?

The Google Language Translator plugin for WordPress displays vulnerabilities that expose authenticated users to the risk of Reflected Cross-Site Scripting. This occurs through multiple parameters that lack sufficient sanitization and proper output escaping. Attackers can leverage this weakness to inject arbitrary web scripts that can be executed upon tricking a user into engaging with a crafted link. The issue is particularly concerning for users with older web browsers, which may not adequately handle URL encoding, amplifying the risk of successful exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Translate WordPress – Google Language Translator * < 6.0.10

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset/2567706
https://plugins.trac.wordpress.org/changeset/2567703

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ramuel Gall
JSON
.