WordPress Plugin Vulnerabilities

Google Language Translator < 6.0.10 - Authenticated Cross-Site Scripting (XSS)

Description

The plugin was vulnerable to Authenticated Cross-Site Scripting (XSS) only affecting older web browsers such as Internet Explorer <= 9.

Affects Plugins

Plugin icon
google-language-translator
Fixed in 6.0.10

References

URL
https://plugins.trac.wordpress.org/changeset/2567706

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.1 (low)

Miscellaneous

Original Researcher
Ram Gall (Wordfence)
Verified
No
WPVDB ID
1bd8bc19-5a6f-410b-897e-4887c05378ea

Timeline

Publicly Published
2021-07-21 (about 4 years ago)
Added
2021-07-21 (about 4 years ago)
Last Updated
2021-07-21 (about 4 years ago)

Other

Published
Title
Published
2025-09-05
Title
short.io <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-10-11
Title
Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting
Published
2025-06-05
Title
StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter
Published
2022-09-19
Title
Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting
Published
2024-05-20
Title
Elementor Website Builder < 3.21.6 - Contributor+ DOM Stored XSS