Transposh WordPress Translation 1.0.8.1 SQL Injection

Discussion in 'News Aggregator' started by Packet Storm, 30 Jul 2022.

  1. Packet Storm

    Packet Storm Guest

    Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.

    Continue reading...
     

Share This Page

Loading...