CVE-2021-24911 | Transposh WordPress Translation Plugin up to 1.0.7 on WordPress Admin Dashboard Page tp_translation tk0 cross site scripting
A vulnerability was found in Transposh WordPress Translation Plugin up to 1.0.7. It has been classified as problematic. This affects the function tp_translation of the component Admin Dashboard Page. Manipulation of the argument tk0 leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2021-24911. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component....