13 Layers
SHARE

The TranslatePress WordPress plugin before 2.0.9 does not implement a suitable sanitisation on the translated strings. The ‘trp_sanitize_string’ function only removes script tag with a regex, nonmoving allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. (CVSS:0.0) (Concluding Update:2021-09-27)

13 Layers Managed Security Services