8 matches found
CVE-2026-1921
The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...
EUVD-2026-27169
The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...
CVE-2026-1921
The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...
CVE-2026-1921
The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...
CVE-2026-1921 Loco Translate <= 2.8.2 - Authenticated (Translator+) Path Traversal to Limited File Read via 'ref' Parameter
The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...
CVE-2026-1921
Summary: Loco Translate for WordPress (≤ 2.8.2) is vulnerable to a path traversal via the fsReference AJAX route. The findSourceFile() function normalizes user-supplied ref paths containing "../" without validating the bound directory, allowing authenticated Translator+ users (loco_admin capabili...
PT-2026-36949
The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the fsReference AJAX route. This is due to the findSourceFile method normalizing user-supplied ref paths containing ../ directory traversal sequences without validating that the...
PT-2018-12645 · Red Hat +1 · Gluster +1
Name of the Vulnerable Software and Affected Versions: Gluster file system versions through 4.1.4 Description: The issue allows a remote attacker with access to mount volumes to exploit the GF XATTROP ENTRY IN KEY xattrop, creating arbitrary, empty files on the target server via abuse of the...