"TITLE":"Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting"
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"generator":"WPScan CVE Generator",
"affects":{
"vendor":{
"vendor_data":[
{
"vendor_name":"Unknown",
"product":{
"product_data":[
{
"product_name":"Translate WordPress – Google Language Translator",
"version":{
"version_data":[
{
"version_affected":"<",
"version_name":"6.0.12",
"version_value":"6.0.12"
}
]
}
}
]
}
}
]
}
},
"description":{
"description_data":[
{
"lang":"eng",
"value":"The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
