Nosa Shandy (Apapedulimu)

1 exploit Active since Sep 2021
CVE-2021-24610 EXPLOITDB MEDIUM text WRITEUP
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting via Insufficient String Sanitization
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.
CVSS 4.8