Cozmoslabs Translatepress vulnerabilities
4 known vulnerabilities affecting cozmoslabs/translatepress.
Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2022-3141 | P2 | HIGH | CVSS 8.8 | PoC | fixed in 2.3.3 | 2022-09-19
CVE-2022-3141 [HIGH] CWE-89
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
nvd
CVE-2025-58592 | P3 | HIGH | CVSS 8.1 | ≤ 2.10.2 | 2025-11-06
CVE-2025-58592 [HIGH] CWE-502
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection. This issue affects TranslatePress: from n/a through <= 2.10.2.
nvd
CVE-2021-24610 | P4 | MEDIUM | CVSS 4.8 | PoC | fixed in 2.0.9 | 2021-09-27
CVE-2021-24610 [MEDIUM] CWE-79
The TranslatePress WordPress plugin before 2.0.9 does not implement proper sanitisation of the translated strings. The 'trp_sanitize_string' function only removes script tags with a regex, still allowing other HTML tags and attributes to execute JavaScript, which could lead to authenticated Stored Cross-Site Scripting issues.
nvd
CVE-2025-30773 | P3 | HIGH | CVSS 7.2 | ≤ 2.9.6 | 2025-03-27
CVE-2025-30773 [HIGH] CWE-502
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection. This issue affects TranslatePress: from n/a through <= 2.9.6.
nvd