Medium severity5.0NVD Advisory· Published Jul 30, 2021· Updated Jun 17, 2026
CVE-2021-34630
CVE-2021-34630
Description
In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- plugins.svn.wordpress.org/gtranslate/tags/2.8.64/gtranslate.phpnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.