Show filters
62 Total Results
Displaying 1-10 of 62
Sort by:
Attacker Value
Unknown

CVE-2024-13220

Disclosure Date: January 31, 2025 (last updated January 31, 2025)
The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
0
0
Attacker Value
Unknown

CVE-2025-23837

Disclosure Date: January 24, 2025 (last updated January 24, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0.
0
0
Attacker Value
Unknown

CVE-2024-37240

Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through 1.3.51.
0
0
Attacker Value
Unknown

CVE-2024-56029

Disclosure Date: January 02, 2025 (last updated January 02, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamwinner Easy Language Switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through 1.0.
0
0
Attacker Value
Unknown

CVE-2024-55999

Disclosure Date: December 16, 2024 (last updated December 18, 2024)
Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6.
0
0
Attacker Value
Unknown

CVE-2023-38383

Disclosure Date: December 13, 2024 (last updated December 18, 2024)
Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1.
0
0
Attacker Value
Unknown

CVE-2024-12572

Disclosure Date: December 13, 2024 (last updated December 18, 2024)
The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-11973

Disclosure Date: December 10, 2024 (last updated December 21, 2024)
The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-50375

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Translate AI Multilingual Solutions Google Language Translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Language Translator: from n/a through 6.0.19.
0
0
Attacker Value
Unknown

CVE-2024-38792

Disclosure Date: November 01, 2024 (last updated November 02, 2024)
Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress – ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 234.
0
0
View More Topics  Next >