CVE-2022-2462 (2022)

Vulnerability Summary

Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. Successful exploits can allow an unauthenticated malicious user to leak the WordPress username of translators. If an anonymous user submitted the translation, then the user's IP address is returned.
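One way to close this kind of leak on the server side, shown as an added example that is not Transposh's code or its actual fix: redact the history rows before they are returned to a caller who is not trusted. The function name, the sample rows and every field name other than "user_login" are assumptions, and so is the idea of deriving the trust flag from a WordPress capability check such as current_user_can('list_users').

```php
<?php
// Hypothetical helper, not Transposh code: strips identifying fields from
// translation-history rows before they are sent to the caller.

/**
 * @param array $rows              History rows as associative arrays.
 * @param bool  $viewer_is_trusted Assumption: in WordPress this could come from
 *                                 current_user_can('list_users').
 */
function redact_history_rows(array $rows, bool $viewer_is_trusted): array
{
    if ($viewer_is_trusted) {
        return $rows;
    }
    $out = [];
    foreach ($rows as $row) {
        // Never expose the login name to untrusted callers.
        unset($row['user_login']);
        foreach ($row as $key => $value) {
            // Anonymous translators are recorded by IP address; mask any
            // field whose value parses as an IPv4 or IPv6 address.
            if (is_string($value) && filter_var($value, FILTER_VALIDATE_IP) !== false) {
                $row[$key] = 'anonymous';
            }
        }
        $out[] = $row;
    }
    return $out;
}

// Constructed sample rows; field names other than user_login are assumptions.
$rows = [
    ['translated' => 'Bonjour', 'translated_by' => '7',
     'user_login' => 'editor_jane', 'timestamp' => '2022-07-01 10:00:00'],
    ['translated' => 'Salut', 'translated_by' => '203.0.113.25',
     'user_login' => null, 'timestamp' => '2022-07-02 11:30:00'],
];

// Untrusted caller: no user_login key, and the IP address is masked.
echo json_encode(redact_history_rows($rows, false), JSON_PRETTY_PRINT), PHP_EOL;
```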

Exploits

Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. Successful exploits can allow an unauthenticated attacker to ...