Vulnerabilities and security researches fortranslatepress-multilingual translatepress-multilingual
Direction: ascendingJun 07, 2024
Translate Multilingual sites – TranslatePress # CVE-2024-34827
- CVE, Research URL
- Date
- May 14, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.This issue affects TranslatePress: from n/a through 2.7.5.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Translate Multilingual sites – TranslatePress # CVE-2021-24610
- CVE, Research URL
- Date
- Sep 27, 2021
- Research Description
- The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Translate Multilingual sites – TranslatePress # CVE-2022-3141
- CVE, Research URL
- Date
- Sep 19, 2022
- Research Description
- The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Mar 28, 2025
Translate Multilingual sites – TranslatePress # CVE-2025-30773
- CVE, Research URL
- Date
- Mar 27, 2025
- Research Description
- Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress allows Object Injection. This issue affects TranslatePress: from n/a through 2.9.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable