>> ARCHIVE: 2022-07

WordPress WP-UserOnline plugin versions 2.87.6 and below suffer from a persistent cross site scripting vulnerability.

Transposh WordPress Translation versions 1.0.7 and below have an ajax action “tp_tp” that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET…

Transposh WordPress Translation versions 1.0.7 and below have an ajax action “tp_translation” which is available to authenticated or unauthenticated users (see CVE-2022-2461) that allows them to submit new translations. Translations…

Dingtian-DT-R002 version 3.1.276A suffers from an authentication bypass vulnerability.

Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the “Who can…

rpc.py version 0.6.0 suffers from a remote code execution vulnerability.

Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.

Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.

Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called “tp_history” which is intended to return data about who has translated a text given by the “token” parameter….

Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability.