CVE-2026-8665

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

EUVD-2026-39158

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

CVE-2026-8665 OS Command Injection in Rapid7 InsightConnect Translate Plugin

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

CVE-2026-8665

CVE-2026-8665 describes an OS command injection in the TR action of the Rapid7 InsightConnect Translate Plugin on Linux. The vulnerability arises from insufficient input sanitization in shell command construction, allowing remote attackers to execute arbitrary OS commands via the text or expressi...

WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability

SQL Injection vulnerability discovered by HaiND in WordPress Plugin GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites versions = 2.32.6...

CVE-2026-4146

The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘updatehref’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVE-2026-4146

The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘updatehref’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

PT-2026-29193

The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update href’ parameter in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVE-2017-18568

The my-wp-translate plugin before 1.0.4 for WordPress has XSS...

EUVD-2017-9684

Malware in sbrugna...

EUVD-2024-16425

Malicious code in bioql PyPI...

EUVD-2021-28020

Malicious code in bioql PyPI...

EUVD-2022-15824

Malicious code in bioql PyPI...

CVE-2021-24721

The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations...

WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability

Non-arbitrary Options Update vulnerability discovered by Humberto Castelo Branco Patchstack Alliance in WordPress Plugin ConveyThis versions = 234...

WordPress plugin WP Translate security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP Translate Plugin <= 5.3.0 is vulnerable to Broken Access Control

Software WP Translate Type Plugin Vulnerable versions = 5.3.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-35663 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6afb15c80c3 Credits Majed Refaea Required privilege...

CVE-2023-49161 WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Guelben Bravo Translate.This issue affects Bravo Translate: from n/a through 1.2...

WordPress Bravo Translate Plugin <= 1.2 is vulnerable to SQL Injection

Software Bravo Translate Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-49161 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 9e3d902f085a Credits Arvandy Required privilege Administrator Published 28...

CVE-2023-26515

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ko Takagi Simple Slug Translate plugin = 2.7.2 versions...