Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin’s “Utilities” page, leading to unauthorized access for all user roles, including “Subscriber”.
>> ARCHIVE: 2022-07
Transposh WordPress Translation versions 1.0.8.1 and below have a “tp_editor” page at “/wp-admin/admin.php?page=tp_editor” that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters…
Transposh WordPress Translation versions 1.0.8.1 and below have a “save_transposh” action available at “/wp-admin/admin.php?page=tp_advanced” that does not properly validate the “Log file name” allowing an attacker with the “Administrator” role…