CVE-2022-0770

Name of the Vulnerable Software and Affected Versions Translate WordPress with GTranslate WordPress plugin versions prior to 2.9.9

Description The issue allows an attacker to gain access to a logged-in admin's cookies by making them open a malicious link or page. This is possible due to the lack of a CSRF check in some files and the writing of debug data, such as a user's cookies, to a publicly accessible file when a specific parameter is used in a request.

Recommendations For versions prior to 2.9.9, update to version 2.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the debug data files to minimize the risk of exploitation. Avoid using the specific parameter that triggers the writing of debug data to a publicly accessible file until the issue is resolved.