GTranslate < 2.8.52 - Unauthenticated Reflected Cross Site Scripting (XSS)
Description
The GTranslate plugin for WordPress before 2.8.52 was vulnerable to unauthenticated reflected XSS via a crafted link. Exploitation requires the hreflang tags feature to be in use with the paid sub-domain or sub-directory option.
The vulnerability was caused by outputting the return value of the WordPress add_query_arg function without escaping it first.
Proof of Concept
http://www.example.com/does_not_exist"><script>alert('XSS')</script><img src=x
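
An added example, not GTranslate's code and not part of the original README: the unescaped-output pattern described above next to its escaped form, rendered with the path from the proof of concept. All function names are hypothetical, `current_url_with_args()` is a simplified stand-in for `add_query_arg()`, and `htmlspecialchars()` stands in for WordPress's `esc_url()` so the file runs without WordPress.

```php
<?php
// Added illustration; not GTranslate's code. Function names are hypothetical.

// Simplified stand-in for add_query_arg() called without a URL argument:
// like the WordPress function, it builds on the raw request URI.
function current_url_with_args(array $args, string $request_uri): string {
    if (!$args) {
        return $request_uri;
    }
    $sep = (strpos($request_uri, '?') === false) ? '?' : '&';
    return $request_uri . $sep . http_build_query($args);
}

// Unsafe pattern: the URL goes into the href attribute unescaped.
function hreflang_tag_unescaped(string $lang, string $request_uri): string {
    $href = current_url_with_args([], $request_uri);
    return '<link rel="alternate" hreflang="' . $lang . '" href="' . $href . '" />';
}

// Hardened pattern: escape at the point of output. A WordPress plugin would
// call esc_url() here; htmlspecialchars() is the stand-in for this demo.
function hreflang_tag_escaped(string $lang, string $request_uri): string {
    $href = htmlspecialchars(current_url_with_args([], $request_uri), ENT_QUOTES, 'UTF-8');
    $lang = htmlspecialchars($lang, ENT_QUOTES, 'UTF-8');
    return '<link rel="alternate" hreflang="' . $lang . '" href="' . $href . '" />';
}

// The output is still one <link> element only if it contains a single '<',
// a single '>' and the six double quotes that delimit its three attributes.
function is_single_link_tag(string $tag): bool {
    return substr_count($tag, '<') === 1
        && substr_count($tag, '>') === 1
        && substr_count($tag, '"') === 6;
}

// Constructed input: the path from the proof of concept, as the request URI.
$request_uri = '/does_not_exist"><script>alert(\'XSS\')</script><img src=x';

foreach (['hreflang_tag_unescaped', 'hreflang_tag_escaped'] as $render) {
    $tag = $render('fr', $request_uri);
    $state = is_single_link_tag($tag) ? 'intact' : 'BROKEN OUT';
    printf("%-24s %s\n  %s\n", $render, $state, $tag);
}
```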