Learning source code review: spotting vulnerabilities and finding ways to fix them.
- Authenticated Stored XSS on Custom text for the floating widget field - Translate WordPress – Google Language Translator
- Translate Multilingual sites - TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting - CVE-2021-24610
- Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.9 - Privilege Escalation: Non-Admin Roles Can Change the Rating Settings
These are just my notes for learning source code review and how to make the exploit. Let me know if I do anything wrong; your feedback is always welcome.
17 November 2022