Vulnerabilities and security researches forgoogle-language-translator google-language-translator

Oct 18, 2024

CVE, Research URL: CVE-2021-4452
Home page URL: Security reports for Translate WordPress – Google Language Translator
Application: Translate WordPress – Google Language Translator
Date: Oct 16, 2024
Research Description: The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support.
Affected versions: max 6.0.10.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-50375
Home page URL: Security reports for Translate WordPress – Google Language Translator
Application: Translate WordPress – Google Language Translator
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in Translate AI Multilingual Solutions Google Language Translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Language Translator: from n/a through 6.0.19.
Affected versions: max 6.0.20.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2022-0770
Home page URL: Security reports for Translate WordPress – Google Language Translator
Application: Translate WordPress – Google Language Translator
Date: Mar 28, 2022
Research Description: The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page
Affected versions: max 6.0.20.
Status: vulnerable

CVE, Research URL: CVE-2021-24594
Home page URL: Security reports for Translate WordPress – Google Language Translator
Application: Translate WordPress – Google Language Translator
Date: Nov 08, 2021
Research Description: The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: max 6.0.12.
Status: vulnerable

CVE, Research URL: CVE-2016-10870
Home page URL: Security reports for Translate WordPress – Google Language Translator
Application: Translate WordPress – Google Language Translator
Date: Aug 13, 2019
Research Description: The google-language-translator plugin before 5.0.06 for WordPress has XSS.
Affected versions: max 5.0.0.
Status: vulnerable