cleantalk
Vulnerabilities and Security Researches

Translate WordPress with GTranslate, CVE-2021-25103

CVE, Research URL

CVE-2021-25103

Home page URL

Security reports for Translate WordPress with GTranslate

Application

Translate WordPress with GTranslate

Published on
Feb 07, 2022
Research Description
The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY
Affected versions
max 2.9.7.
Status
vulnerable
Previous vulnerability researches
Translate WordPress with GTranslate (CVE-2021-34630) , Jun 07, 2024
Translate WordPress with GTranslate (CVE-2021-25103) , Jun 07, 2024
Translate WordPress with GTranslate (CVE-2020-11930) , Jun 07, 2024
Translate WordPress with GTranslate (CVE-2022-0770) , Jun 07, 2024
Translate WordPress with GTranslate (CVE-2023-4502) , Jun 07, 2024
New vulnerability
Contact Form 7 Database Addon – CFDB7 , Feb 17, 2026
GoSMTP – SMTP for WordPress , Feb 17, 2026
User Role Editor , Feb 16, 2026
Post Types Order , Feb 11, 2026
Code Snippets , Feb 09, 2026