Lucene search
HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-25811
transposh
plugin
sql injection
vulnerability
order
orderby
parameters
wordpress
translation
plugin through 1.0.8
cve-2022-25811
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.7%
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection
Affected configurations
Node
transposhtransposh_wordpress_translationRange≤1.0.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| transposh | transposh_wordpress_translation | * | cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:* |
Related
zdt
zdt
Transposh WordPress Translation 1.0.8.1 SQL Injection Vulnerability
2022-07-31 00:00:00
cve
cve
CVE-2022-25811
2022-08-22 15:15:14
packetstorm
packetstorm
Transposh WordPress Translation 1.0.8.1 SQL Injection
2022-07-29 00:00:00
prion
prion
Sql injection
2022-08-22 15:15:00
wpvulndb
wpvulndb
Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection
2022-07-26 00:00:00
cnvd
cnvd
WordPress Transposh WordPress Translation SQL Injection Vulnerability
2022-08-02 00:00:00
cvelist
cvelist
wpexploit
wpexploit
Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection
2022-07-26 00:00:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
37.7%
Related for NVD:CVE-2022-25811