CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2023-50375 – Google Language Translator <= 6.0.19 - Missing Authorization via admin notifications
https://notcve.org/view.php?id=CVE-2023-50375
The Google Language Translator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notification functions in versions up to, and including, 6.0.19. This makes it possible for unauthenticated attackers to set admin notifications to an ignored status. • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24594 – Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24594
The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Translate WordPress - Google Language Translator de WordPress versiones anteriores a 6.0.12, no sanea ni escapa de algunas de sus configuraciones antes de emitirlas en varias páginas, permitiendo a usuarios muy privilegiados llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no está permitida • https://plugins.trac.wordpress.org/changeset/2607480 https://wpscan.com/vulnerability/cf7b0f07-8b9b-40a1-ba7b-e8d34f515a6b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10870 – Google Language Translator <= 5.0.05 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10870
The google-language-translator plugin before 5.0.06 for WordPress has XSS. El complemento google-language-translator anterior a 5.0.06 para WordPress tiene XSS • https://wordpress.org/plugins/google-language-translator/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •