S4E

CVE-2021-24910 Scanner

Detects the 'Cross-Site Scripting (XSS)' vulnerability in the Transposh plugin for WordPress, which affects versions before 1.0.8.


Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 696 sec
Scan only one: Url
Toolbox: -

The Transposh plugin is a highly popular translation plugin for WordPress, which allows website owners to offer their content in different languages. This plugin provides multiple options for automatic and manual translation on the website, with the ability to edit translations easily. Transposh has been created to cater to the needs of website owners who aim to serve content to a global audience in their own language. This plugin has become a valuable tool, particularly for businesses that want to grow their audience overseas.

CVE-2021-24910 is a vulnerability in the Transposh WordPress Translation plugin that affects versions before 1.0.8. It is caused by a lack of sanitisation and escaping of the "a" parameter when executing an action via AJAX. This leaves users open to a reflected Cross-Site Scripting (XSS) attack, a form of injection attack in which an attacker injects malicious code into a website, allowing them to control the behaviour of the site and steal sensitive data.
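To check whether an installed copy falls in the affected range (versions before 1.0.8), the following added example, which is not S4E's scanner code or the plugin's own code, reads the `Version:` field of a WordPress plugin header and compares it numerically rather than as a string. It assumes the caller supplies the header text of the plugin's main file; the function names and sample headers are constructed for illustration.

```python
import re

# From the text above: versions before 1.0.8 are affected.
FIXED_VERSION = (1, 0, 8)

# WordPress plugin main files carry a header comment with a "Version:" field.
_VERSION_RE = re.compile(
    r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
    re.IGNORECASE | re.MULTILINE,
)


def parse_version(header_text):
    """Return the header's version as a tuple of ints, or None if absent."""
    match = _VERSION_RE.search(header_text)
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(header_text):
    """True if before 1.0.8, False if 1.0.8 or later, None if unknown."""
    version = parse_version(header_text)
    if version is None:
        return None  # no version found: report unknown, do not guess
    # Pad both tuples so "1.0" is read as 1.0.0 and "1.0.7.1" stays below 1.0.8.
    width = max(len(version), len(FIXED_VERSION))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return padded < fixed


# Constructed sample headers (not copied from the plugin).
SAMPLES = {
    "old": "<?php\n/*\n * Plugin Name: Transposh\n * Version: 1.0.7\n */",
    "old_four_part": "/*\nPlugin Name: Transposh\nVersion: 1.0.7.1\n*/",
    "fixed": "/*\nPlugin Name: Transposh\nVersion: 1.0.8\n*/",
    # A plain string comparison would wrongly rank "1.0.10" below "1.0.8".
    "later": "/*\nPlugin Name: Transposh\nVersion: 1.0.10\n*/",
    "no_version": "/*\nPlugin Name: Transposh\n*/",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, parse_version(header), is_affected(header))
```

A result of `None` means the header carried no version and the copy should be checked by hand.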

When exploited, this vulnerability can lead to serious consequences, affecting the integrity of the entire website, along with any data stored on it. An attacker can send a crafted link to a victim and execute harmful scripts via the browser once clicked. This may lead to unauthorized access to sensitive data, including login credentials, personal information of users, and payment details.

In summary, it is essential to remain vigilant when it comes to the security of digital assets, particularly with plugins such as Transposh that are widely adopted. Thanks to the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets and take steps to prevent any attacks. It is vital to secure websites and ensure they remain protected.

 
