WordPress Transposh: Exploiting a Blind SQL Injection via XSS | allinfosecnews.com

July 22, 2022, 2:40 p.m. | Julien Ahrens

RCE Security www.rcesecurity.com

Introduction You probably have read about my recent swamp of CVEs affecting a WordPress plugin called Transposh Translation Filter, which resulted in more than $30,000 in bounties: [CVE-2021-24910] Transposh <= 1.0.7 “tp_tp” Unauthenticated Reflected Cross-Site Scripting [CVE-2021-24911] Transposh <= 1.0.7 “tp_translation” Unauthenticated Stored Cross-Site Scripting [CVE-2021-24912] Transposh <= 1.0.8.1 Multiple Cross-Site Request Forgeries [CVE-2022-2461] Transposh […]

bug bounty exploiting injection sql sql injection wordpress xss

More from www.rcesecurity.com / RCE Security

Patch Diffing CVE-2023-28121 to Compromise a WooCommerce 10 months ago | www.rcesecurity.com

advisory authentication authentication bypass back +23

SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) 1 year ago | www.rcesecurity.com

advisory cve exploit flashback +9

SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) 1 year ago | www.rcesecurity.com

access advisory authentication bugs +18

From Zero to Hero Part 2: Intel DCM From SQL Injection to RCE (CVE-2022-21225) 1 year, 5 months ago | www.rcesecurity.com

advisory bug bounty cve hero +5

From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP … 1 year, 5 months ago | www.rcesecurity.com

authentication bug bounty bypassing cve +5

WordPress Transposh: Exploiting a Blind SQL Injection via XSS 1 year, 9 months ago | www.rcesecurity.com

bug bounty exploiting injection sql +3

AWAE Course and OSWE Exam Review 2 years ago | www.rcesecurity.com

certifications course exam oswe +1

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority

View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France

View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico

View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States

View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX

View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US

View on infosec-jobs.com