CVE-2021-24912

Summary

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin

Affected Software

VendorProductVersion RangeStatus
UnknownTransposh WordPress Translation1.0.8 < 1.0.8affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
  • CWE-79: CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References