GTranslate < 2.8.52 - Unauthenticated Reflected Cross Site Scripting (XSS)



Description
The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.

The vulnerability was due to outputting the WordPress add_query_arg function without prior escaping. 
Proof of Concept
http://www.example.com/does_not_exist"><script>alert('XSS')</script><img src=x

Affects Plugin

fixed in version 2.8.52

References

CVE 2020-11930
URL https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Gaurav
Submitter Gaurav
Submitter Twitter 4auvar
Views 1936
Verified No
WPVDB ID 10181

Timeline

Publicly Published 2020-04-20 (about 1 month ago)
Added 2020-04-20 (about 1 month ago)
Last Updated 2020-05-20 (5 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin