PT-2023-9951 · WordPress · Kau-Boy Backend Localization Plugin
Matt Fuller
·
Published
2023-04-24
·
Updated
2024-05-17
·
CVE-2012-10014
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Kau-Boy Backend Localization Plugin version 2.0
Description
A problematic vulnerability has been found in the Kau-Boy Backend Localization Plugin on WordPress, affecting the function
backend localization admin settings/backend localization save setting/backend localization login form/localize backend of the file backend localization.php. This issue leads to cross-site scripting and can be launched remotely.Recommendations
For Kau-Boy Backend Localization Plugin version 2.0, upgrade to version 2.0.1 to address this issue. As a temporary workaround, consider disabling the
backend localization admin settings function until a patch is available. Restrict access to the backend localization.php file to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kau-Boy Backend Localization Plugin