Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities.
9f6dbcbbd09678c80d311d3e820d1c82de2bd7a04264742755ac9d8302b00c0f
Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. Successful exploits can allow an unauthenticated attacker to leak the WordPress username of translators. If an anonymous user submitted the translation, then the user's IP address is returned.
9edfbd7e51dbf96c4ec365750f8acbdc5e0bcb40dfa07245a905258f418c9681