Showing 1 - 1 of 1

CVE-2022-0765

Status Candidate

Overview

The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin (Translator and Administrator by default) to add arbitrary javascript payloads to the source strings leading to a stored cross-site scripting (XSS) vulnerability.

Related Files

WordPress Loco Translate Cross Site Scripting: Posted Apr 7, 2022; Authored by Taurus Omar; WordPress Loco Translate plugin versions prior to 2.6.1 suffer from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2022-0765; SHA-256 | 89947839a0f022f27bf4e7359d1a8f8308d5cfc0bacc3631b9f3c6128744b460; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 217 files
Ubuntu 101 files
Debian 23 files
Gentoo 23 files
tmrswrr 8 files
Amit Roy 4 files
Google Security Research 3 files
Furkan Eren Tetik 3 files
Aslam Anwar Mahimkar 3 files
ron190 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,074)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,523)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,242)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,193)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,636)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

CVE-2022-0765

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems