Update the WordPress Loco Translate plugin to the latest available version (at least 2.5.4).
Tomi Ashari discovered and reported this Direct static code injection vulnerability in WordPress Loco Translate Plugin. Direct static code injection is a vulnerability which could allow a malicious actor to inject machine or script code which is directly executed by the target application. This could allow a malicious actor to create a backdoor and gain full control of the website. This vulnerability has been fixed in version 2.5.4.
Have additional information or questions about this entry? Get in touch.