5.3

CVE-2022-2461

Exploit

Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings, which make it possible for unauthenticated attackers to influence the data shown on the site.
Possible mitigation
Transposh WordPress Translation: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Data provided by the National Vulnerability Database (NVD)
Transposh | Transposh Wordpress Translation | SwPlatform: wordpress | Version: <= 1.0.8.1
Further vulnerability information
System: WordPress Plugin
Product: Transposh WordPress Translation
Version: *-1.0.9.6
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 3.51% | 0.877
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security@wordfence.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt (Third Party Advisory, Exploit, VDB Entry)
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989 (Patch, Third Party Advisory)
https://www.exploitalert.com/view-details.html?id=38891 (Third Party Advisory, Exploit)
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ (Third Party Advisory, Exploit)
https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve (Third Party Advisory)
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461 (Third Party Advisory)
https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802 (Third Party Advisory)