Transposh WordPress Translation 1.0.8.1 Improper Authorization

Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on the functionality exposed by the plugin’s “Utilities” page, leading to unauthorized access for all user roles, including “Subscriber”.

Transposh WordPress Translation 1.0.8.1 SQL Injection

Transposh WordPress Translation versions 1.0.8.1 and below have a “tp_editor” page at “/wp-admin/admin.php?page=tp_editor” that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters “order” and “orderby” is processed by the web application.

Transposh WordPress Translation 1.0.8.1 Remote Code Execution

Transposh WordPress Translation versions 1.0.8.1 and below have a “save_transposh” action available at “/wp-admin/admin.php?page=tp_advanced” that does not properly validate the “Log file name”, allowing an attacker with the “Administrator” role to specify a .php file as the log destination. Since the log file is stored directly within the “/wp-admin” directory, executing arbitrary PHP code is […]

http://www.pasanghospital.go.th/404.php

http://www.pasanghospital.go.th/404.php notified by 0x1998

http://www.tago.go.th/tago/gallery/hai.html

http://www.tago.go.th/tago/gallery/hai.html notified by ./Niz4r

http://www.arpon.go.th/arpon/mainfile/hai.html

http://www.arpon.go.th/arpon/mainfile/hai.html notified by ./Niz4r

http://www.krabuang.go.th/krabuang/file_editor/hai.html

http://www.krabuang.go.th/krabuang/file_editor/hai.html notified by ./Niz4r

http://srinarong.go.th/srinarong/mainfile/hai.html

http://srinarong.go.th/srinarong/mainfile/hai.html notified by ./Niz4r

http://nanuan.go.th/nanuan/module_eservice1/

http://nanuan.go.th/nanuan/module_eservice1/ notified by ./Niz4r
