Transposh WordPress Translation 1.0.8.1 Remote Code Execution
Posted by deepcore on July 30, 2022 – 7:26 pm
Transposh WordPress Translation versions 1.0.8.1 and below have a “save_transposh” action available at “/wp-admin/admin.php?page=tp_advanced” that does not properly validate the “Log file name” allowing an attacker with the “Administrator” role to specify a .php file as the log destination. Since the log file is stored directly within the “/wp-admin” directory, executing arbitrary PHP code is possible by simply sending a crafted request that gets logged.
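As an added example (not code from Transposh or its authors), one defensive pattern for the flaw described: the log name is reduced to a validated base name with a fixed non-executable extension and is only ever written inside a directory outside wp-admin. The function names, the `.log` extension and the directory argument are assumptions.

```php
<?php
// Added example, not Transposh's own code: validating an administrator-supplied
// log file name before it becomes a log destination. All names are hypothetical.

/**
 * Return the absolute log path if $user_name is acceptable, otherwise null.
 * $log_dir must be a directory the web server cannot serve or execute from.
 */
function tp_example_safe_log_path( string $user_name, string $log_dir ): ?string {
    // No directory components: the name must survive basename() unchanged.
    if ( $user_name === '' || basename( $user_name ) !== $user_name ) {
        return null;
    }
    // Allow-list the characters and pin the extension; a ".php" name cannot pass.
    if ( ! preg_match( '/^[A-Za-z0-9_-]{1,64}\.log$/', $user_name ) ) {
        return null;
    }
    $real_dir = realpath( $log_dir );
    if ( $real_dir === false || ! is_dir( $real_dir ) ) {
        return null;
    }
    $path = $real_dir . DIRECTORY_SEPARATOR . $user_name;
    // Refuse to write through an existing symlink that could redirect the write.
    if ( is_link( $path ) ) {
        return null;
    }
    return $path;
}

/** Append one line to a path already validated by tp_example_safe_log_path(). */
function tp_example_log( string $path, string $line ): bool {
    // Logged input is flattened to one line so it cannot forge log records.
    $line = str_replace( array( "\r", "\n" ), ' ', $line ) . "\n";
    return file_put_contents( $path, $line, FILE_APPEND | LOCK_EX ) !== false;
}

// Demo: the vulnerable pattern is a ".php" name written into wp-admin; here such
// names are rejected and only ".log" names inside $log_dir are accepted.
$log_dir = sys_get_temp_dir();
foreach ( array( 'transposh.log', 'shell.php', '../../wp-admin/x.log' ) as $name ) {
    $path = tp_example_safe_log_path( $name, $log_dir );
    echo str_pad( $name, 28 ) . ( $path === null ? 'rejected' : 'accepted' ) . "\n";
}
```

Even with the name validated, the directory must also be denied to the web server (for example via a deny rule in that directory), since a log that attackers can populate should never be reachable by URL.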