Vulnerability
Reflected XSS in GTranslate plugin of wordpress
Vulnerability Description
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
CVE-ID
Vendor
GTranslate
Vulnerable Plugin
GTranslate plugin of wordpress
Disclosure Timeline
- 10th February 2020 reported to the vendor
- 18th February 2020 Fixed by vendor
- 20th April 2020 CVE assigned
Credits
Gaurav Nayak.