WordPress TranslatePress 2.0.8 Cross Site Scripting

Topic created · 1 Posts · 6 Views
  • # Exploit Title: WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
    # Date: 06-08-2021
    # Exploit Author: Nosa Shandy (Apapedulimu)
    # Vendor Homepage: https://translatepress.com/
    # Software Link: https://wordpress.org/plugins/translatepress-multilingual/ 
    # Reference: https://wpscan.com/vulnerability/b87fcc2f-c2eb-4e23-9757-d1c590f26d3f
    # Version: 2.0.6 
    # Tested on: macOS 11.4
    # CVE : CVE-2021-24610
    The plugin does not implement a proper filter on the 'translated' parameter when input to the database. The 'trp\_sanitize\_string' function only check the "<script></script>" with the preg\_replace, the attacker can use the HTML Tag to execute javascript.
    Step To Reproduce:
    1. Go to http://localhost:8888/wordpress/?trp-edit-translation=true
    2. Input Gettext String
    3. Input the payload such as <img src=x onerror=alert(4)>
    4. Save, The payload will be executed.
    5. Look on the homepage will be affected.
    Video : https://drive.google.com/file/d/1PnvjHuKCvjmom6xz\_sxNLBu3jixCiHy\_/view?usp=sharing
Log in to reply