Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-24912

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin

CVE
#xss#csrf#wordpress#auth

Related news

CVE-2022-2461: WordPress Transposh: Exploiting a Blind SQL Injection via XSS

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery

Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907