← Back

Translatepress

translatepress

Vendor: Cozmoslabs • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-3141
1Cozmoslabs
1Translatepress
Nov 21, 2024
Sep 19, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in th...Show more
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.Show less
CVE-2021-24610
1Cozmoslabs
1Translatepress
Nov 21, 2024
Sep 27, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags...Show more
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.Show less