| CVE | CVE-2022-0770 |
|---|---|
| CVSS | High (8.8) |
| Publicly Published | March 7, 2022 |
| Last Updated | January 22, 2024 |
| Researcher |
Diogo Real
|
The Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 WordPress plugins do not have proper capabilities checks in the /wp-content/plugins/gtranslate/url_addon/gtranslate.php file which writes debug data such as user's cookies in a publicly accessible file when the enable_debug parameter is set to true. This would make it possible for an attacker to steal and administrators cookies if they can successfully trick them into accessing that file with the parameter set.
References| Software Type | Plugin |
|---|---|
| Software Slug | gtranslate (view on wordpress.org) |
| Patched? | Yes |
| Affected Version |
|
| Patched Version |
|
| Software Type | Plugin |
| Software Slug | google-language-translator (view on wordpress.org) |
| Patched? | Yes |
| Affected Version |
|
| Patched Version |
|
Copyright 2012-2026 Defiant Inc.
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.
License Detail.