The Translate Multilingual sites WordPress plugin prior to 2.3.3 is vulnerable to an authenticated SQL injection. A new language added via the settings page that contains specific special characters can break out of the backtick quoting in the SQL query, allowing a time-based blind payload to be injected.
Vulnerable Product |
---|
cozmoslabs translatepress |
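
Backticks in MySQL quote identifiers, a position that bound parameters do not cover, so a language code placed there has to pass an allowlist before it reaches the query. The PHP below is an added example of that check, not the plugin's code or its 2.3.3 fix; the table-name scheme, the `wp_` prefix and the `example_*` function names are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example, not TranslatePress code. Names and the table-name
// scheme are hypothetical; sample inputs are constructed.

/**
 * Accept only locale-shaped codes such as "en_US" or "pt-BR".
 * Run this when the language is saved in settings and again
 * before the code is used to build any SQL identifier.
 */
function example_validate_language_code(string $code): string
{
    // Allowlist: 2-3 letters, then up to three short alphanumeric subtags.
    // \A and \z anchor the whole string, so a trailing newline also fails.
    if (!preg_match('/\A[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8}){0,3}\z/', $code)) {
        throw new InvalidArgumentException('Invalid language code');
    }
    return $code;
}

/**
 * Build a backtick-quoted table identifier from validated parts only.
 */
function example_dictionary_table(string $prefix, string $from, string $to): string
{
    $name = $prefix . 'example_dictionary_'
          . strtolower(example_validate_language_code($from)) . '_'
          . strtolower(example_validate_language_code($to));

    // MySQL identifiers are limited to 64 characters.
    if (strlen($name) > 64) {
        throw new LengthException('Identifier too long');
    }
    // Defense in depth: double any backtick, although none can
    // remain once both codes have passed the allowlist.
    return '`' . str_replace('`', '``', $name) . '`';
}

// Constructed inputs: two well-formed codes, one containing a backtick,
// one hyphenated code, and an empty string.
foreach (['de_DE', 'fr_FR', "fr_FR` x", 'pt-BR', ''] as $code) {
    try {
        echo example_dictionary_table('wp_', 'en_US', $code), "\n";
    } catch (InvalidArgumentException | LengthException $e) {
        echo 'rejected: ', json_encode($code), "\n";
    }
}
```

The well-formed codes yield quoted identifiers such as `wp_example_dictionary_en_us_de_de`, while the backtick-bearing and empty inputs are rejected before any SQL string is built.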