Technical Advisory
Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.


Vulnerability
Reflected XSS in the GTranslate plugin for WordPress
Vulnerability Description
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
CVE-ID
Vendor
GTranslate
Vulnerable Plugin
GTranslate plugin for WordPress
Disclosure Timeline
- 10th February 2020: Reported to the vendor
- 18th February 2020: Fixed by the vendor
- 20th April 2020: CVE assigned
Credits
Gaurav Nayak.
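
A check for the affected versions described above, as an added example that is not part of the advisory or the vendor's code: it reads the `Version:` header of an installed plugin and flags anything older than 2.8.52. The plugin directory name `gtranslate` and the sample header are assumptions made for illustration, and a version match alone does not show whether the hreflang tags feature is enabled.

```python
import re
from pathlib import Path

FIXED = "2.8.52"  # first fixed release, per the advisory

# Constructed sample of a WordPress plugin header (not copied from the plugin).
SAMPLE_HEADER = """<?php
/*
Plugin Name: GTranslate
Version: 2.8.51
*/
"""

def header_version(php_source):
    """Return the 'Version:' value from a WordPress plugin header, or None."""
    # WordPress only scans the first 8 KB of a plugin file for header fields.
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source[:8192], re.M | re.I)
    return m.group(1) if m else None

def as_tuple(version):
    """'2.8.52' -> (2, 8, 52); stops at the first non-numeric component."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_affected(version, fixed=FIXED):
    """True if version sorts before the fixed release; unknown versions need review."""
    if not version or not as_tuple(version):
        return True
    a, b = as_tuple(version), as_tuple(fixed)
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))  # compare 2.9 as 2.9.0
    return pad(a) < pad(b)

def audit(wp_root, slug="gtranslate"):
    """Yield (file, version, affected) for wp-content/plugins/<slug>/*.php.
    The slug is an assumed directory name; pass the real one for your install."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / slug
    for php in sorted(plugin_dir.glob("*.php")):
        v = header_version(php.read_text(errors="replace"))
        if v is not None:
            yield str(php), v, is_affected(v)
```

Sites flagged here should be updated to 2.8.52 or later and then checked for whether the paid sub-domain or sub-directory hreflang option was in use.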