ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Google Language Translator Plugin <= 4.0.9 - Cross Site Scripting

Product
Google Language Translator
Description
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Vulnerable parameter is "googlelanguagetranslator_flags_order".
Solution
Upgrade this plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Cinu
CVE
Name CVE-N/A
Versions
Affected In <= 4.0.9
Fixed In 5.0.0
Disclosure date
2015-08-13
Submitter
ThreatPress