Transposh Wordpress Translation@* Security Vulnerabilities and Issues — Transposh Wordpress Translation@* CVE List

Lucene search

TransposhTransposh Wordpress Translation*

4 matches found

CVE•added 2022/08/22 3:15 p.m.•68 views

CVE-2021-24910

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Si...

6.1CVSS6.1AI score0.11945EPSS

Web

CVE•added 2022/08/22 3:15 p.m.•52 views

CVE-2021-24911

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depen...

5.4CVSS5.4AI score0.00476EPSS

Web

CVE•added 2022/08/22 3:15 p.m.•49 views

CVE-2021-24912

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting...

5.4CVSS5.3AI score0.00198EPSS

Web

CVE•added 2022/08/22 3:15 p.m.•48 views

CVE-2022-25812

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE

7.2CVSS6.9AI score0.01322EPSS

Web