CVE-2021-25103

Name of the Vulnerable Software and Affected Versions Translate WordPress with GTranslate WordPress plugin versions prior to 2.9.7

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the body parameter in the url addon/gtranslate-email.php file is not properly sanitized and escaped before being outputted back on the page. Exploitation of this issue requires knowledge of the NONCE SALT and NONCE KEY.

Recommendations For versions prior to 2.9.7, update to version 2.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the url addon/gtranslate-email.php file to minimize the risk of exploitation.