What is CVE-2021-24610?

CVE-2021-24610 is a vulnerability in the TranslatePress WordPress plugin before version 2.0.9 that allows for the execution of JavaScript through unsanitized translated strings.

How does CVE-2021-24610 impact WordPress websites?

CVE-2021-24610 allows attackers to execute malicious JavaScript code on vulnerable TranslatePress WordPress installations, potentially leading to cross-site scripting (XSS) attacks.

What is the severity of CVE-2021-24610?

CVE-2021-24610 has a severity rating of medium with a CVSS score of 4.8.

How can CVE-2021-24610 be exploited?

Attackers can exploit CVE-2021-24610 by injecting malicious JavaScript code into translated strings, which will be executed when viewed by authenticated users.

Is there a patch available for CVE-2021-24610?

Yes, the vulnerability has been addressed in version 2.0.9 of the TranslatePress WordPress plugin, so updating to this version or later will fix the issue.

Vulnerability/
CVE-2021-24610

medium

4.8

CWE

27/9/2021

3/8/2024

CVE-2021-24610: TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting

First published: Mon Sep 27 2021(Updated: )

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.

Credit: contact@wpscan.com

Affected Software	Affected Version	How to fix
TranslatePress	<2.0.9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-24610?
CVE-2021-24610 is a vulnerability in the TranslatePress WordPress plugin before version 2.0.9 that allows for the execution of JavaScript through unsanitized translated strings.
How does CVE-2021-24610 impact WordPress websites?
CVE-2021-24610 allows attackers to execute malicious JavaScript code on vulnerable TranslatePress WordPress installations, potentially leading to cross-site scripting (XSS) attacks.
What is the severity of CVE-2021-24610?
CVE-2021-24610 has a severity rating of medium with a CVSS score of 4.8.
How can CVE-2021-24610 be exploited?
Attackers can exploit CVE-2021-24610 by injecting malicious JavaScript code into translated strings, which will be executed when viewed by authenticated users.
Is there a patch available for CVE-2021-24610?
Yes, the vulnerability has been addressed in version 2.0.9 of the TranslatePress WordPress plugin, so updating to this version or later will fix the issue.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/event
agent/first-publish-date
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cozmoslabs
canonical/translatepress

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.