all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Transposh WordPress Translation 1.0.8.1 Remote Code Execution

Add to bookmarks
July 29, 2022, 2:40 p.m. |

Packet Storm packetstormsecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below have a "save_transposh" action available at "/wp-admin/admin.php?page=tp_advanced" that does not properly validate the "Log file name" allowing an attacker with the "Administrator" role to specify a .php file as the log destination. Since the log file is stored directly within the "/wp-admin" directory, executing arbitrary PHP code is possible by simply sending a crafted request that gets logged.

code code execution remote code execution wordpress

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6750-1 17 hours ago | packetstormsecurity.com
arbitrary code attacker browsing bypass +19
Ubuntu Security Notice USN-6743-3 17 hours ago | packetstormsecurity.com
attacker compromise kernel linux +8
Ubuntu Security Notice USN-6657-2 17 hours ago | packetstormsecurity.com
attacker dnsmasq dnssec issue +12
Ubuntu Security Notice USN-6749-1 17 hours ago | packetstormsecurity.com
arbitrary code attacker code context +11
Red Hat Security Advisory 2024-2060-03 17 hours ago | packetstormsecurity.com
advisory bugs denial of service fix +12
Red Hat Security Advisory 2024-2055-03 17 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +4
Red Hat Security Advisory 2024-2045-03 17 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
Red Hat Security Advisory 2024-2044-03 17 hours ago | packetstormsecurity.com
advisory enterprise gnutls information +8
Red Hat Security Advisory 2024-2042-03 17 hours ago | packetstormsecurity.com
advanced advisory critical critical update +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Security Cloud Solution Architect

@ Microsoft | London, London, United Kingdom
View on infosec-jobs.com

Compliance Program Analyst

@ SailPoint | United States
View on infosec-jobs.com

Software Engineer III, Infrastructure, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com

Cryptography Expert

@ Raiffeisen Bank Ukraine | Kyiv, Kyiv city, Ukraine
View on infosec-jobs.com

Senior Cyber Intelligence Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com
View more jobs