Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-11930 — Cross-site Scripting in Translate Wordpress With Gtranslate

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

4.5%

top 10.92%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gtranslate Translate Wordpress With Gtranslate

Timeline

PublishedApr 20

Latest updateMay 24

Description

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDgtranslate/translate_wordpress_with_gtranslate< 2.8.52

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-gxjf-97vj-jhcg: The GTranslate plugin before 2↗2022-05-24

▶

CVEList

CVE-2020-11930: The GTranslate plugin before 2↗2020-04-20

▶

💥Exploits & PoCs

Nuclei

WordPress GTranslate <2.8.52 - Cross-Site Scripting

▶