Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Vulnerability

Reflected XSS in GTranslate plugin of WordPress

Vulnerability Description

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.

CVE-ID

CVE-2020-11930

Vendor

GTranslate

Vulnerable Plugin

GTranslate plugin of WordPress

Disclosure Timeline

  1. 10th February 2020: Reported to the vendor
  2. 18th February 2020: Fixed by the vendor
  3. 20th April 2020: CVE assigned

Credits

Gaurav Nayak.