CVE-2021-24910

Name of the Vulnerable Software and Affected Versions Transposh WordPress Translation plugin versions prior to 1.0.8

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the a parameter is not properly sanitised and escaped via an AJAX action. This action is available to both unauthenticated and authenticated users when the curl library is installed, allowing the parameter to be outputted back in the response.

Recommendations For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or disabling the curl library until the update is applied.