7.5

CVE-2022-2536

Exploit

EPSS 1.05%
Veröffentlicht 15.12.2022 19:15:17
Zuletzt bearbeitet 21.11.2024 07:01:12
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. 

Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab. However, this option is largely ignored, if Transposh has enabled its "autotranslate" feature (it's enabled by default) and the HTTP POST parameter "sr0" is larger than 0. This is caused by a faulty validation in "wp/transposh_db.php."

Mögliche Gegenmaßnahme

Transposh WordPress Translation: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 11

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Transposh WordPress Translation

Version *-1.0.9.6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Transposh ≫ Transposh Wordpress Translation SwPlatformwordpress Version <= 1.0.8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.05%	0.77

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security@wordfence.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989

Third Party Advisory

Exploit

https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/

Not Applicable

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt

Third Party Advisory

Exploit

https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt

Third Party Advisory

Exploit

VDB Entry

https://www.exploitalert.com/view-details.html?id=38949

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6

Third Party Advisory

https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2536

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2536

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2536

EUVD