cleantalk
Vulnerabilities and Security Researches

Translate Multilingual sites – TranslatePress, CVE-2021-24610

CVE, Research URL

CVE-2021-24610

Home page URL

Security reports for Translate Multilingual sites – TranslatePress

Application

Translate Multilingual sites – TranslatePress

Published on
Sep 27, 2021
Research Description
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.
Affected versions
Min -, max 2.0.9.
Status
vulnerable
Previous vulnerability researches
Translate Multilingual sites – TranslatePress (CVE-2024-34827) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2021-24610) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2022-3141) , Jun 07, 2024
Translate Multilingual sites – TranslatePress (CVE-2025-30773) , Mar 28, 2025
New vulnerability
SNORDIAN's H5PxAPIkatchu (CVE-2025-30821) , Apr 02, 2025
Product Author for WooCommerce (CVE-2025-30872) , Apr 02, 2025
Exchange Rates (CVE-2025-30864) , Apr 02, 2025
Cue by AudioTheme.com (CVE-2025-31787) , Apr 02, 2025
افزونه حمل و نقل ووکامرس (پست پیشتاز و سفارشی، پیک موتوری) (CVE-2025-30898) , Apr 02, 2025