WordPress Loco Translate Plugin <= 2.5.3 is vulnerable to Direct static code injection

Patch priority: low (resolve by 10 November, 2021)
CVSS 3.1 score: 7.2 (High severity)

Solution

Update the WordPress Loco Translate plugin to the latest available version (at least 2.5.4).

Tomi Ashari discovered and reported this Direct static code injection vulnerability in WordPress Loco Translate Plugin. Direct static code injection is a vulnerability which could allow a malicious actor to inject machine or script code which is directly executed by the target application. This could allow a malicious actor to create a backdoor and gain full control of the website. This vulnerability has been fixed in version 2.5.4.

Other vulnerabilities in this plugin

0 present
2 fixed