TranslatePress
by Cozmoslabs
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58592 | Hig | 0.53 | 8.1 | 0.00 | Nov 6, 2025 | Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2. | ||
| CVE-2025-30773 | Hig | 0.47 | 7.2 | 0.01 | Mar 27, 2025 | Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.9.6. | ||
| CVE-2024-34827 | Med | 0.28 | 4.3 | 0.00 | May 14, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.This issue affects TranslatePress: from n/a through 2.7.5. | ||
| CVE-2021-24610 | 0.03 | — | 0.05 | Sep 27, 2021 | The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to… |
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.
- risk 0.47cvss 7.2epss 0.01
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.9.6.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.This issue affects TranslatePress: from n/a through 2.7.5.
- CVE-2021-24610Sep 27, 2021risk 0.03cvss —epss 0.05
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to…