EUVD-2021-11823

Malware in sbrugna...

EUVD-2022-30450

Malicious code in bioql PyPI...

CVE-2022-25811

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection...

CVE-2022-25810

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable th...

CVE-2021-24910

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...

PT-2022-9504 · WordPress +1 · Transposh Wordpress Translation Plugin +1

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions prior to 1.0.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the a parameter is not properly sanitised and escaped via an AJAX action. This...

PT-2022-9505 · WordPress · Transposh Wordpress Translation Plugin

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions prior to 1.0.8 Description: The issue is related to Stored Cross-Site Scripting. It occurs because the tk0 parameter from the tp translation AJAX action is not properly sanitized and escaped. Th...