Transposh WordPress Translation 1.0.8.1 SQL Injection
Posted by deepcore on July 30, 2022 – 7:26 pm
Transposh WordPress Translation versions 1.0.8.1 and below have a “tp_editor” page at “/wp-admin/admin.php?page=tp_editor” that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters “order” and “orderby” is processed by the web application.
Post a reply
You must be logged in to post a comment.