Spip Interface Traduction Objets vulnerabilities
2 known vulnerabilities affecting spip/interface_traduction_objets.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2026-27745P2HIGHCVSS 8.8fixed in 2.2.22026-02-25
CVE-2026-27745 [HIGH] CWE-94 CVE-2026-27745: The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because fields prefixed with an underscore bypass protection mechan
nvd
CVE-2026-27747P3HIGHCVSS 8.8fixed in 2.2.22026-02-25
CVE-2026-27747 [HIGH] CWE-89 CVE-2026-27747: The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL inj
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into a SQL WHERE clause in a call to sql_getfetsel() wit
nvd