114 matches found
WordPress Transposh Translation <1.0.8 - Cross-Site Scripting
WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in...
Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
WordPress Transposh <=1.0.8.1 - Information Disclosure
WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tphistory, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the userlogin attribute. If a...
EUVD-2021-11823
Malware in sbrugna...
EUVD-2021-11824
Malware in sbrugna...
EUVD-2021-11822
Malicious code in bioql PyPI...
EUVD-2022-30450
Malicious code in bioql PyPI...
EUVD-2024-30482
Malicious code in bioql PyPI...
EUVD-2022-34723
Malicious code in bioql PyPI...
EUVD-2022-34790
Malicious code in bioql PyPI...
WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions <= 1.0.8.1...
WordPress Transposh WordPress Translation plugin <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp vulnerability
Reflected Cross-Site Scripting via tp_tp vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions <= 1.0.7...
CVE-2022-2461
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
CVE-2022-25811
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection...
CVE-2022-25812
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow high privilege users such as admin to perform RCE...
CVE-2021-24911
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tptranslation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack...
CVE-2021-24910
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...
CVE-2022-2536
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...
CVE-2024-32695
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS. This issue affects Language Switcher for Transposh: from n/a through 1.5.9...