The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-28T17:23:19
Updated: 2024-08-02T23:40:03.938Z
Reserved: 2022-02-27T00:00:00
Link: CVE-2022-0770
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-03-28T18:15:09.690
Modified: 2022-04-04T18:55:52.103
Link: CVE-2022-0770
Redhat
No data.