PT-2025-34724 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions up to 3.5.0 Description: A vulnerability exists in mtons mblog up to version 3.5.0 within the Admin Panel component. Manipulation of the Title argument in the /admin/post/list file can lead to cross-site scripting. The...

CVE-2022-4290

The CVE-2022-4290 entry concerns the WordPress plugin Cyr to Lat. It is affected up to version 3.5; the root cause is insufficient escaping and lack of proper SQL query preparation in ctl_sanitize_title, enabling authenticated users to append malicious SQL and potentially read sensitive data. A p...

WordPress Plugin Cyr to Lat SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

VulnCheck KEV: CVE-2022-4290

The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctlsanitizetitle' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially...