5 matches found
WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions <= 1.0.8.1...
CVE-2021-24912
creationtimestamp | type | source
---|---|---
2022-08-22 18:26:39+00:00 | seen | https://t.me/cibsecurity/48500...
CVE-2021-24912
The CVE-2021-24912 entry concerns the Transposh WordPress Translation plugin for WordPress, specifically versions up to 1.0.8. The underlying issue is the lack of CSRF protection in the tp_translation AJAX action and insufficient sanitisation of the tk0 parameter, enabling Stored XSS executed in ...
CVE-2021-24912 Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scriptin...
Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-08-19 Date...