CVE-2020-11930

{"id": "CVE-2020-11930", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-04-20T01:15:11.107", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/2245581/gtranslate", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://plugins.trac.wordpress.org/changeset/2245591/gtranslate", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/gtranslate/#developers", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10181", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option."}, {"lang": "es", "value": "El plugin GTranslate versiones anteriores a 2.8.52 para WordPress, hay una vulnerabilidad de tipo XSS reflejado por medio de un enlace especialmente dise\u00f1ado. Esto requiere el uso de la caracter\u00edstica hreflang tags dentro de una opci\u00f3n de pago del subdominio o subdirectorio."}], "lastModified": "2020-05-19T14:15:10.893", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4686342C-3FC3-46BA-B08A-5D43FE021C86", "versionEndExcluding": "2.8.52"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}