CVE-2021-24910 Scanner
Detects a Cross-Site Scripting (XSS) vulnerability in the Transposh plugin for WordPress, affecting versions before 1.0.8.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 696 sec
Scan only one: URL
Toolbox: -
The Transposh plugin is a highly popular translation plugin for WordPress, which allows website owners to offer their content in different languages. This plugin provides multiple options for automatic and manual translation on the website, with the ability to edit translations easily. Transposh has been created to cater to the needs of website owners who aim to serve content to a global audience in their own language. This plugin has become a valuable tool, particularly for businesses that want to grow their audience overseas.
CVE-2021-24910 is a vulnerability in the Transposh WordPress Translation plugin that affects versions before 1.0.8. The plugin does not sanitise and escape the "a" parameter when executing an action via AJAX. This leaves users open to a Reflected Cross-Site Scripting (XSS) attack, a form of injection attack in which an attacker injects malicious code into a website, allowing them to control the behaviour of the site and steal sensitive data.
When exploited, this vulnerability can lead to serious consequences, affecting the integrity of the entire website, along with any data stored on it. An attacker can send a crafted link to a victim, and harmful scripts execute in the victim's browser once the link is clicked. This may lead to unauthorized access to sensitive data, including login credentials, users' personal information, and payment details.
In summary, it is essential to remain vigilant when it comes to the security of digital assets, particularly with plugins such as Transposh that are widely adopted. Thanks to the pro features of the s4e.io platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets and take steps to prevent any attacks. It is vital to secure websites and ensure they remain protected.