Translate WordPress with GTranslate, CVE-2023-4502

CVE, Research URL: CVE-2023-4502
Home page URL: Security reports for Translate WordPress with GTranslate
Application: Translate WordPress with GTranslate
Published on: Sep 25, 2023
Research Description: The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters.
Affected versions: max 3.0.4.
Status: vulnerable