The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Ryanchristenson |
|
No data.
References
History
Tue, 27 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ryanchristenson
Ryanchristenson babeiz |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:ryanchristenson:babeiz:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Ryanchristenson
Ryanchristenson babeiz |
Tue, 20 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The BabelZ WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
| Title | BabelZ – Google Translate Widget <= 1.1.5 - CSRF to Stored XSS | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2025-05-15T20:07:13.968Z
Updated: 2025-05-20T19:19:47.523Z
Reserved: 2024-08-22T13:54:13.287Z
Link: CVE-2024-8095
Vulnrichment
Updated: 2025-05-19T20:24:30.468Z
NVD
Status : Analyzed
Published: 2025-05-15T20:15:57.937
Modified: 2025-05-27T19:57:24.200
Link: CVE-2024-8095
Redhat
No data.