WordPress Plugin Vulnerabilities

SrbTransLatin <= 1.46 - Stored XSS & CSRF

Description

The SrbTransLatin – Serbian Latinisation WordPress plugin was affected by a Stored XSS & CSRF security vulnerability.

Affects Plugins

Plugin icon
srbtranslatin
Fixed in 1.47

References

CVE
CVE-2018-5368
CVE
CVE-2018-5369
URL
https://github.com/d4wner/Vulnerabilities-Report/blob/master/SrbTransLatin.md

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e9d80a01-35e1-4188-930e-9f6bb17fc20a

Timeline

Publicly Published
2018-01-11 (about 8 years ago)
Added
2018-01-12 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-11-10
Title
Fleet Manager < 2.6.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2023-11-29
Title
HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting
Published
2025-08-18
Title
Nexter Blocks < 4.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Published
2025-01-16
Title
Accessibility Task Manager <= 1.2.1 - Reflected Cross-Site Scripting
Published
2021-06-28
Title
Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography