SPIP Interface Traduction Objets Plugin Authenticated Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in the SPIP interface_traduction_objets plugin, affecting versions prior to 4.3.3. This vulnerability arises in the translation interface workflow, where untrusted request data is incorporated into a hidden form field without proper output filtering. Fields that begin with an underscore bypass certain protection mechanisms, allowing an authenticated attacker with editor-level privileges to inject malicious content. This injected content is processed through SPIP's template engine, enabling code execution on the web server.
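As an added illustration (not the plugin's own code; function and field names are hypothetical), the unsafe pattern the advisory describes, a name-based exemption from output filtering for underscore-prefixed fields, beside a hardened version that escapes every value and echoes back only allow-listed fields:

```php
<?php
// Added example, not code from the SPIP plugin. Shows why exempting
// "_"-prefixed field names from output filtering is unsafe when request
// data is reflected into a hidden form field.

// Vulnerable pattern: values for names starting with "_" skip escaping,
// so request-controlled content reaches the HTML (and any later template
// processing) verbatim.
function hidden_fields_vulnerable(array $request): string {
    $html = '';
    foreach ($request as $name => $value) {
        $safe = (substr((string)$name, 0, 1) === '_')
            ? $value                                   // exemption: no filtering
            : htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        $html .= sprintf('<input type="hidden" name="%s" value="%s">' . "\n",
                         htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8'), $safe);
    }
    return $html;
}

// Hardened pattern: only explicitly allow-listed names are echoed back,
// every value is escaped regardless of its name, and the raw value is never
// handed to a template compiler.
function hidden_fields_hardened(array $request, array $allowed): string {
    $html = '';
    foreach ($allowed as $name) {
        if (!array_key_exists($name, $request) || !is_string($request[$name])) {
            continue; // unknown or non-scalar field: drop it rather than reflect it
        }
        $html .= sprintf('<input type="hidden" name="%s" value="%s">' . "\n",
                         htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
                         htmlspecialchars($request[$name], ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Constructed sample request; harmless markup stands in for untrusted input.
$request = [
    'id_article'     => '42',
    '_example_field' => '<b>constructed</b>',
];
echo hidden_fields_vulnerable($request);                                 // markup emitted as-is
echo hidden_fields_hardened($request, ['id_article', '_example_field']); // markup escaped
```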
Impact
Exploitation of this vulnerability allows for authenticated remote code execution on the server where SPIP is hosted.
Remediation
Users can update to SPIP interface_traduction_objets version 4.3.3 or later to address this vulnerability.
