Lucene search

[email protected]NVD:CVE-2021-24910

HistoryAug 22, 2022 - 3:15 p.m.

CVE-2021-24910

2022-08-2215:15:12

CWE-79

[email protected]

web.nvd.nist.gov

transposh wordpress plugin

reflected cross-site scripting

ajax action

unauthenticated users

authenticated users

curl library

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.8%

JSON

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

Affected configurations

Nvd

Node

transposhtransposh_wordpress_translationRange<1.0.8wordpress

VendorProductVersionCPE
transposhtransposh_wordpress_translation*cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
transposh	transposh_wordpress_translation	*	cpe:2.3:a:transposh:transposh_wordpress_translation::::::wordpress::*

References

wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.8%

JSON

Related for NVD:CVE-2021-24910

cvelist1 nuclei1 zdt1 cve1 packetstorm1 prion1