CVE-2017-15811

Name of the Vulnerable Software and Affected Versions Pootle Button plugin versions prior to 1.2.0

Description The issue allows for XSS exploitation via the assets url parameter in "assets/dialog.php", which can be accessed through the "/wp-admin/admin-ajax.php" API endpoint.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "assets/dialog.php" file and the "/wp-admin/admin-ajax.php" API endpoint to minimize the risk of exploitation. Avoid using the assets url parameter in the affected API endpoint until the issue is resolved.