CVE-2022-2461

Published: 06/09/2022 | Updated: 09/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings, which make it possible for unauthenticated malicious users to influence the data shown on the site.

Vulnerable Product

transposh transposh wordpress translation

Exploits

Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_translation" which is available to authenticated or unauthenticated users (see CVE-2022-2461) that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative interface on the pages "tp_main" and "tp_editor". Howeve ...