WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by HaiND in WordPress Plugin GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites versions <= 2.32.6...
CVE-2026-4146
The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘updatehref’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
PT-2026-29193
The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update href’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2017-18568
The my-wp-translate plugin before 1.0.4 for WordPress has XSS...
EUVD-2017-9684
Malware in sbrugna...
EUVD-2022-15824
Malicious code in bioql PyPI...
EUVD-2024-16425
Malicious code in bioql PyPI...
EUVD-2021-28020
Malicious code in bioql PyPI...
CVE-2021-24721
The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations...
WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability
Non-arbitrary Options Update vulnerability discovered by Humberto Castelo Branco Patchstack Alliance in WordPress Plugin ConveyThis versions <= 234...
WordPress plugin WP Translate security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress WP Translate Plugin <= 5.3.0 is vulnerable to Broken Access Control
Software WP Translate Type Plugin Vulnerable versions <= 5.3.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35663 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6afb15c80c3 Credits Majed Refaea Required privilege...
CVE-2023-49161 WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Guelben Bravo Translate. This issue affects Bravo Translate: from n/a through 1.2...
WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection
Software Bravo Translate Type Plugin Vulnerable versions <= 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49161 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 9e3d902f085a Credits Arvandy Required privilege Administrator Published 28...
CVE-2023-26515
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ko Takagi Simple Slug Translate plugin = 2.7.2 versions...
CVE-2023-0832
The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for...
Cross site request forgery (csrf)
The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for...
PT-2023-16556 · Unknown +1 · Weglot Translate +1
Name of the Vulnerable Software and Affected Versions: Under Construction plugin for WordPress versions up to and including 3.96 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the install weglot function called via the admin action...
CVE-2022-0765
The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add...