CVE-2021-24610

Name of the Vulnerable Software and Affected Versions TranslatePress WordPress plugin versions prior to 2.0.9

Description The issue arises from the improper sanitization of translated strings. The trp sanitize string function only removes script tags using a regex, but still allows other HTML tags and attributes to execute JavaScript, potentially leading to authenticated Stored Cross-Site Scripting issues.

Recommendations For versions prior to 2.0.9, update to version 2.0.9 or later to resolve the issue. As a temporary workaround, consider disabling the trp sanitize string function until a patch is available. Restrict access to translated strings to minimize the risk of exploitation. Avoid using HTML tags and attributes in translated strings until the issue is resolved.