Search criteria
4 vulnerabilities found for Language Translate Widget for WordPress – ConveyThis by conveythis
CVE-2025-57919 (GCVE-0-2025-57919)
Vulnerability from cvelistv5 – Published: 2025-09-22 18:25 – Updated: 2025-09-23 14:05
VLAI?
Title
WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 264 - PHP Object Injection Vulnerability
Summary
Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 264.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ConveyThis | Language Translate Widget for WordPress – ConveyThis |
Affected:
n/a , ≤ 264
(custom)
|
Credits
mcdruid (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T14:04:57.479980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T14:05:15.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "conveythis-translate",
"product": "Language Translate Widget for WordPress \u2013 ConveyThis",
"vendor": "ConveyThis",
"versions": [
{
"lessThanOrEqual": "264",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "mcdruid (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress \u2013 ConveyThis allows Object Injection.\u003c/p\u003e\u003cp\u003eThis issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 264.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress \u2013 ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 264."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:25:14.127Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/conveythis-translate/vulnerability/wordpress-language-translate-widget-for-wordpress-conveythis-plugin-264-php-object-injection-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Language Translate Widget for WordPress \u2013 ConveyThis Plugin \u003c= 264 - PHP Object Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-57919",
"datePublished": "2025-09-22T18:25:14.127Z",
"dateReserved": "2025-08-22T11:36:12.721Z",
"dateUpdated": "2025-09-23T14:05:15.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6811 (GCVE-0-2023-6811)
Vulnerability from cvelistv5 – Published: 2024-04-11 01:51 – Updated: 2024-08-02 08:42
VLAI?
Summary
The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| conveythis | Language Translate Widget for WordPress – ConveyThis |
Affected:
* , ≤ 223
(semver)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:conveythis:language_translate_widget_for_word_press_conveythis:223:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "language_translate_widget_for_word_press_conveythis",
"vendor": "conveythis",
"versions": [
{
"lessThanOrEqual": "223",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:25:10.600790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:29:25.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/093af92e-bbc2-463a-8547-0e48fb356655?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3067865%40conveythis-translate%2Ftrunk\u0026old=3062168%40conveythis-translate%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Language Translate Widget for WordPress \u2013 ConveyThis",
"vendor": "conveythis",
"versions": [
{
"lessThanOrEqual": "223",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Language Translate Widget for WordPress \u2013 ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027api_key\u2019 parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-11T01:51:36.578Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/093af92e-bbc2-463a-8547-0e48fb356655?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3067865%40conveythis-translate%2Ftrunk\u0026old=3062168%40conveythis-translate%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6811",
"datePublished": "2024-04-11T01:51:36.578Z",
"dateReserved": "2023-12-13T21:56:18.456Z",
"dateUpdated": "2024-08-02T08:42:07.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57919 (GCVE-0-2025-57919)
Vulnerability from nvd – Published: 2025-09-22 18:25 – Updated: 2025-09-23 14:05
VLAI?
Title
WordPress Language Translate Widget for WordPress – ConveyThis Plugin <= 264 - PHP Object Injection Vulnerability
Summary
Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress – ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress – ConveyThis: from n/a through 264.
Severity ?
7.2 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ConveyThis | Language Translate Widget for WordPress – ConveyThis |
Affected:
n/a , ≤ 264
(custom)
|
Credits
mcdruid (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T14:04:57.479980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T14:05:15.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "conveythis-translate",
"product": "Language Translate Widget for WordPress \u2013 ConveyThis",
"vendor": "ConveyThis",
"versions": [
{
"lessThanOrEqual": "264",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "mcdruid (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress \u2013 ConveyThis allows Object Injection.\u003c/p\u003e\u003cp\u003eThis issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 264.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in ConveyThis Language Translate Widget for WordPress \u2013 ConveyThis allows Object Injection. This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n/a through 264."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:25:14.127Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/conveythis-translate/vulnerability/wordpress-language-translate-widget-for-wordpress-conveythis-plugin-264-php-object-injection-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Language Translate Widget for WordPress \u2013 ConveyThis Plugin \u003c= 264 - PHP Object Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-57919",
"datePublished": "2025-09-22T18:25:14.127Z",
"dateReserved": "2025-08-22T11:36:12.721Z",
"dateUpdated": "2025-09-23T14:05:15.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6811 (GCVE-0-2023-6811)
Vulnerability from nvd – Published: 2024-04-11 01:51 – Updated: 2024-08-02 08:42
VLAI?
Summary
The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
7.2 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| conveythis | Language Translate Widget for WordPress – ConveyThis |
Affected:
* , ≤ 223
(semver)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:conveythis:language_translate_widget_for_word_press_conveythis:223:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "language_translate_widget_for_word_press_conveythis",
"vendor": "conveythis",
"versions": [
{
"lessThanOrEqual": "223",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:25:10.600790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:29:25.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/093af92e-bbc2-463a-8547-0e48fb356655?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3067865%40conveythis-translate%2Ftrunk\u0026old=3062168%40conveythis-translate%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Language Translate Widget for WordPress \u2013 ConveyThis",
"vendor": "conveythis",
"versions": [
{
"lessThanOrEqual": "223",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Language Translate Widget for WordPress \u2013 ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027api_key\u2019 parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-11T01:51:36.578Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/093af92e-bbc2-463a-8547-0e48fb356655?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3067865%40conveythis-translate%2Ftrunk\u0026old=3062168%40conveythis-translate%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-10T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6811",
"datePublished": "2024-04-11T01:51:36.578Z",
"dateReserved": "2023-12-13T21:56:18.456Z",
"dateUpdated": "2024-08-02T08:42:07.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}