CVE-2021-24911

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55	Exploit Third Party Advisory
https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:53

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55 - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55 - Exploit, Third Party Advisory

Information

Published : 2022-08-22 15:15

Updated : 2024-11-21 05:53

NVD link : CVE-2021-24911

Mitre link : CVE-2021-24911

CVE.ORG link : CVE-2021-24911

JSON object : View

Products Affected

transposh

transposh_wordpress_translation

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-24911", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-08-22T15:15:12.937", "references": [{"url": "https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin \"Who can translate ?\" setting."}, {"lang": "es", "value": "El plugin Transposh WordPress Translation de WordPress versiones anteriores a 1.0.8, no sanea ni escapa del par\u00e1metro tk0 de la acci\u00f3n AJAX tp_translation, lo que conlleva a un problema de tipo Cross-Site Scripting Almacenado, que se ejecutar\u00e1 en el panel de administraci\u00f3n del plugin. El rol m\u00ednimo necesario para llevar a cabo este ataque depende de la configuraci\u00f3n del plugin \"\u00bfQui\u00e9n puede traducir?"}], "lastModified": "2024-11-21T05:53:59.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B736AFD5-2738-4A0B-BCD3-79241ED06CBA", "versionEndExcluding": "1.0.8"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}