CVE-2022-3141 – Translatepress Multilingual < 2.3.3 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2022-3141
23 Jul 2022 — The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be bypassed and a time-based blind payload can be injected. • https://www.exploit-db.com/exploits/51043 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24610 – TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24610
30 Aug 2021 — The TranslatePress WordPress plugin before 2.0.9 does not properly sanitise translated strings. The 'trp_sanitize_string' function only removes script tags with a regex, still allowing other HTML tags and attributes to execute JavaScript, which could lead to authenticated Stored Cross-Site Scripting issues. • https://www.exploit-db.com/exploits/50343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')