Translatepress Multilingual < 2.3.3 - Admin+ SQLi
Description
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: < 2.3.3
Patches
Vulnerability mechanics
Root cause
"The plugin fails to properly sanitize user-supplied input when adding new languages, allowing for SQL injection."
Attack vector
An authenticated user can exploit this vulnerability by adding a new language on the plugin's settings page. Special characters in the submitted language value are not properly escaped before the value is included in an SQL query, so an attacker can inject a time-based blind SQL payload, as demonstrated with sqlmap [ref_id=1]. The vulnerability is triggered via the `trp_settings[translation-languages][]` parameter during an update action on the options-general.php page [ref_id=1].
Affected code
The vulnerability lies in the Translatepress Multilingual WordPress plugin's handling of language settings. The exploit targets the `trp_settings[translation-languages][]` parameter, which is processed when the translation-language options are updated [ref_id=1].
What the fix does
The patch is not explicitly detailed in the provided information. However, the advisory indicates that the vulnerability is resolved in version 2.3.3. Remediation guidance suggests updating the plugin to this version or a later one to mitigate the SQL injection risk.
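The following is an added example, not TranslatePress code or its actual patch (the page does not include the diff). It shows the general hardening for this bug class, where a user-supplied language code becomes part of a table identifier such as the `en_us_en_gb` dictionary table: `$wpdb->prepare()` parameterises values only, and `esc_sql()` escapes quotes but not backticks, so the code must be validated against an allowlist before it is concatenated into the query. The table naming, function names and allowlist contents are assumptions.

```php
<?php
// Added example, not the plugin's code; table naming and helper names are assumed.

/**
 * Return the locale code in lower case if it is well-formed and enabled on the
 * site, otherwise null. Accepts only "xx" or "xx_YY" made of ASCII letters.
 * $allowed_locales holds WordPress-style codes such as 'en_US' (constructed list).
 */
function validated_locale_code( string $code, array $allowed_locales ): ?string {
    // Structural check: letters and at most one underscore, nothing else.
    if ( ! preg_match( '/^[a-z]{2,3}(_[A-Za-z]{2,4})?\z/', $code ) ) {
        return null;
    }
    // Allowlist check: reject anything the site has not explicitly enabled.
    if ( ! in_array( $code, $allowed_locales, true ) ) {
        return null;
    }
    return strtolower( $code );
}

/**
 * Build the backtick-quoted dictionary table name for a language pair, or
 * null if either code fails validation. The backticks are only safe because
 * both codes were reduced to [a-z_] by validated_locale_code().
 */
function dictionary_table_name( wpdb $wpdb, string $from, string $to, array $allowed ): ?string {
    $from = validated_locale_code( $from, $allowed );
    $to   = validated_locale_code( $to, $allowed );
    if ( null === $from || null === $to ) {
        return null;
    }
    return '`' . $wpdb->prefix . 'dictionary_' . $from . '_' . $to . '`';
}

/**
 * Look up a translation: the identifier is validated above, while the
 * user-supplied string goes through $wpdb->prepare() as a %s value.
 */
function lookup_translation( wpdb $wpdb, string $from, string $to, string $original, array $allowed ) {
    $table = dictionary_table_name( $wpdb, $from, $to, $allowed );
    if ( null === $table ) {
        return new WP_Error( 'invalid_language', 'Unsupported language code.' );
    }
    $sql = $wpdb->prepare( "SELECT translated FROM {$table} WHERE original = %s LIMIT 1", $original );
    return $wpdb->get_var( $sql );
}

// lookup_translation( $wpdb, 'en_US', 'en_GB', 'Hello', array( 'en_US', 'en_GB' ) )
// queries `wp_dictionary_en_us_en_gb`; any code containing a backtick, quote or
// other non-letter is rejected before a single byte of SQL is assembled.
```

Because identifiers cannot be bound as parameters, the allowlist check is the control that matters; the regex alone would still let through a well-formed code the site never enabled.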
Preconditions
- Auth: The attacker must be authenticated to the WordPress instance.
- Config: The 'en_us_en_gb' dictionary table must exist, which may require adding 'en_US' and 'en_GB' languages first.
Reproduction
1. Install the Translatepress Multilingual plugin (version < 2.3.3).
2. Log in to WordPress as an authenticated user.
3. Navigate to the plugin's settings page (/wp-admin/options-general.php?page=translate-press).
4. Use a tool like Burp Suite to intercept the request when adding a new language.
5. Modify the `trp_settings[translation-languages][]` parameter to include a SQL injection payload.
6. Send the modified request and observe the database response, potentially using a tool like sqlmap with the provided second request [ref_id=1].
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References