WordPress Plugin Vulnerabilities

Google Language Translator < 6.0.10 - Authenticated (author+) Cross-Site Scripting (XSS)

Description

The plugin was vulnerable to Authenticated Cross-Site Scripting (XSS) allowing a user with Author role to execute malicious JavaScript via the glt shortcode.

Affects Plugins

Plugin icon
google-language-translator
Fixed in 6.0.10

References

URL
https://plugins.trac.wordpress.org/changeset/2567706
URL
https://plugins.trac.wordpress.org/changeset/2567703

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.6 (medium)

Miscellaneous

Original Researcher
pluginvulnerabilities
Verified
No
WPVDB ID
66337db9-0da5-4069-9807-102eaeb72bdd

Timeline

Publicly Published
2021-07-21 (about 4 years ago)
Added
2021-07-21 (about 4 years ago)
Last Updated
2021-07-21 (about 4 years ago)

Other

Published
Title
Published
2021-10-19
Title
Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting
Published
2025-03-25
Title
Widget for Social Page Feeds < 6.4.2 - Admin+ Stored XSS
Published
2014-04-25
Title
WP eBay Product Feeds < 1.2 - Cross-Site Scripting via rss_url Parameter
Published
2025-06-12
Title
Meks Flexible Shortcodes < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-30
Title
WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting