ByteOS Network

▼CVE Numbering Authority (CNA)

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

Affected Products

Vendor

oferwald

Product

Transposh WordPress Translation

Default Status

unaffected

Versions

Affected

From * through 1.0.8.1 (semver)

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-862 Missing Authorization

Type: N/A

CWE ID: N/A

Description: CWE-862 Missing Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Credits

finder

Julien Ahrens

Timeline

Event	Date
Disclosed	2022-07-18 00:00:00

Event: Disclosed

Date: 2022-07-18 00:00:00

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve	N/A
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461	N/A
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/	N/A
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989	N/A
https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt	N/A
https://www.exploitalert.com/view-details.html?id=38891	N/A

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve

Resource: N/A

Hyperlink: https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461

Resource: N/A

Hyperlink: https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/

Resource: N/A

Hyperlink: https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989

Resource: N/A

Hyperlink: https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt

Resource: N/A

Hyperlink: https://www.exploitalert.com/view-details.html?id=38891

Resource: N/A

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve	x_transferred
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461	x_transferred
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/	x_transferred
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989	x_transferred
https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt	x_transferred
https://www.exploitalert.com/view-details.html?id=38891	x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References