Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
transposh transposh wordpress translation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2536
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes ...
Transposh Transposh Wordpress Translation
NA
CVE-2021-24910
The Transposh WordPress Translation WordPress plugin prior to 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to...
Transposh Transposh Wordpress Translation
NA
CVE-2021-24912
The Transposh WordPress Translation WordPress plugin prior to 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow malicious users to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a ...
Transposh Transposh Wordpress Translation
NA
CVE-2021-24911
The Transposh WordPress Translation WordPress plugin prior to 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perf...
Transposh Transposh Wordpress Translation
NA
CVE-2022-25810
The Transposh WordPress Translation WordPress plugin up to and including 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically al...
Transposh Transposh Wordpress Translation
NA
CVE-2022-25811
The Transposh WordPress Translation WordPress plugin up to and including 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection
Transposh Transposh Wordpress Translation
NA
CVE-2022-25812
The Transposh WordPress Translation WordPress plugin prior to 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE
Transposh Transposh Wordpress Translation
NA
CVE-2022-2461
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default se...
Transposh Transposh Wordpress Translation
NA
CVE-2022-2462
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficie...
Transposh Transposh Wordpress Translation
NA
CVE-2022-25362
Transposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »