
Transposh WordPress Translation 1.0.8.1 SQL Injection

Posted on 29 July 2022

Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.
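For sites that cannot upgrade immediately, web-server access logs can be checked for requests to this page whose sort parameters are not a plain column name and direction. The following is an added example, not code from the advisory or from the Transposh project; the log lines, the column names `lang` and `timestamp`, and the rule that legitimate values are a bare identifier plus `asc`/`desc` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jul/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=tp_editor&orderby=lang&order=asc HTTP/1.1" 200 5120
203.0.113.5 - - [29/Jul/2022:10:00:07 +0000] "GET /wp-admin/admin.php?page=tp_editor&orderby=lang%20EXTRA&order=asc HTTP/1.1" 200 5120
203.0.113.9 - - [29/Jul/2022:10:01:12 +0000] "GET /wp-admin/admin.php?page=tp_editor&orderby=timestamp&order=desc%2Cx HTTP/1.1" 200 5120
203.0.113.9 - - [29/Jul/2022:10:02:30 +0000] "GET /wp-admin/admin.php?page=other&order=desc%2Cx HTTP/1.1" 200 812
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
IDENTIFIER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumed shape of a column name
DIRECTIONS = {"asc", "desc"}

def suspicious_params(url):
    """Return which of 'orderby'/'order' on the tp_editor page carry a value
    that is not a bare identifier / sort direction (after URL-decoding)."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    if "tp_editor" not in query.get("page", []):
        return []
    flagged = []
    if any(not IDENTIFIER_RE.fullmatch(v) for v in query.get("orderby", [])):
        flagged.append("orderby")
    if any(v.lower() not in DIRECTIONS for v in query.get("order", [])):
        flagged.append("order")
    return flagged

def scan(log_text):
    """Return (line_number, flagged_params) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        flagged = suspicious_params(match.group(1)) if match else []
        if flagged:
            hits.append((number, flagged))
    return hits

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected value in {', '.join(flagged)}")
```

The same allowlist check, applied server-side before the values reach the query, is the usual fix for injection through sort parameters, because column names and sort directions cannot be bound as prepared-statement placeholders.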

 
