CVE-2020-11930: WordPress plugin vulnerability

Share this with people that should know this:

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.

References

  • plugins.trac.wordpress.org/changeset/2245581/gtranslate
  • plugins.trac.wordpress.org/changeset/2245591/gtranslate
  • wordpress.org/plugins/gtranslate/#developers
  • Share this with people that should know this: