WordPress Plugin Vulnerabilities

Translation Exchange <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) within the Project Key text field found in the plugin's settings.

Proof of Concept

Affects Plugins

Plugin icon
translation-exchange
No known fix

References

CVE
CVE-2021-25057

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Rutuja D Shirke
Submitter
Rutuja D Shirke
Submitter website
https://www.linkedin.com/in/rutujashirke2812/
Verified
Yes
WPVDB ID
c0dd3ef1-579d-43a4-801a-660c41495d58

Timeline

Publicly Published
2022-01-18 (about 3 years ago)
Added
2022-01-18 (about 3 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2023-09-19
Title
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
Published
2025-03-24
Title
AuraMart <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-05-18
Title
Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting
Published
2023-01-26
Title
Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode
Published
2025-02-26
Title
WP Programmmanager <= 1.2 - Reflected XSS