CVE-2024-0632 in Automatic Translator with Google Translate Plugin
Summary
by MITRE • 05/22/2024
The Automatic Translator with Google Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom font setting in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/28/2025
The vulnerability identified as CVE-2024-0632 affects the Automatic Translator with Google Translate plugin for WordPress, specifically targeting versions up to and including 1.5.4. This represents a critical security flaw that exploits stored cross-site scripting vulnerabilities within the plugin's custom font setting functionality. The issue arises from inadequate input sanitization and insufficient output escaping mechanisms that fail to properly validate or encode user-supplied data before it is processed and stored within the WordPress database. Attackers leveraging this vulnerability can execute malicious scripts in the context of the victim's browser, potentially leading to unauthorized access to sensitive data, session hijacking, or further exploitation of the compromised system. The vulnerability is particularly concerning because it requires only administrator-level access to exploit, making it accessible to authenticated users with elevated privileges.
The technical implementation of this vulnerability stems from the plugin's failure to properly sanitize user input when processing custom font settings. When administrators configure font parameters through the plugin's interface, the input values are not adequately validated or escaped before being stored in the database. This stored data is then subsequently rendered in web pages without proper output encoding, creating an environment where malicious scripts can be executed whenever users access pages containing the injected content. The flaw aligns with CWE-79, which defines cross-site scripting as a common vulnerability where untrusted data is embedded into web pages viewed by other users. The vulnerability specifically manifests in the plugin's handling of font configuration parameters, where attackers can inject malicious JavaScript code that persists in the database and executes in the context of other users' browsers.
The operational impact of CVE-2024-0632 is significant for WordPress installations that utilize the affected plugin, particularly in multi-site environments where the vulnerability is most prevalent. The attack vector requires authenticated access with administrator privileges, but once exploited, the consequences extend beyond simple script execution to potentially compromise entire WordPress installations. In multi-site configurations, the impact is amplified because a single compromised site can affect the broader network of interconnected sites. The vulnerability's restriction to installations where unfiltered_html has been disabled creates a specific attack window, though this limitation does not mitigate the overall risk. Attackers could leverage this vulnerability to establish persistent backdoors, steal administrative credentials, or redirect users to malicious websites, effectively compromising the security posture of the entire WordPress environment.
Mitigation strategies for CVE-2024-0632 should prioritize immediate plugin updates to versions that address the stored XSS vulnerability, as developers have likely released patches to resolve the sanitization and escaping issues. Organizations should implement strict input validation measures and ensure that all user-supplied data is properly encoded before storage and output. Security administrators should consider disabling the affected plugin entirely if immediate updates are not feasible, while also implementing monitoring for suspicious activities in the WordPress administration areas. The vulnerability's classification under ATT&CK technique T1566.002 highlights the importance of defending against credential harvesting and session hijacking attacks that could result from successful exploitation. Additionally, organizations should conduct comprehensive security audits of their WordPress installations to identify other potential vulnerabilities and ensure that all plugins and themes are running the latest secure versions. Network segmentation and access control measures should be implemented to limit the potential damage from any successful exploitation attempts.