Transposh

Transposh Wordpress Translation

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-2536

Exploit
  • EPSS 0.64%
  • Veröffentlicht 15.12.2022 19:15:17
  • Zuletzt bearbeitet 21.11.2024 07:01:12

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX...

5.3

CVE-2022-2461

Exploit
  • EPSS 15.4%
  • Veröffentlicht 06.09.2022 18:15:13
  • Zuletzt bearbeitet 05.05.2025 17:18:10

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX a...

5.3

CVE-2022-2462

Exploit
  • EPSS 4.03%
  • Veröffentlicht 06.09.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 07:01:02

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX a...

6.5

CVE-2022-25810

Exploit
  • EPSS 0.19%
  • Veröffentlicht 22.08.2022 15:15:14
  • Zuletzt bearbeitet 21.11.2024 06:53:02

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basica...

7.2

CVE-2022-25811

Exploit
  • EPSS 0.73%
  • Veröffentlicht 22.08.2022 15:15:14
  • Zuletzt bearbeitet 21.11.2024 06:53:02

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection

7.2

CVE-2022-25812

Exploit
  • EPSS 1.32%
  • Veröffentlicht 22.08.2022 15:15:14
  • Zuletzt bearbeitet 21.11.2024 06:53:02

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE

6.1

CVE-2021-24910

Exploit
  • EPSS 10.37%
  • Veröffentlicht 22.08.2022 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:53:59

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back...

5.4

CVE-2021-24911

Exploit
  • EPSS 0.46%
  • Veröffentlicht 22.08.2022 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:53:59

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The...

5.4

CVE-2021-24912

Exploit
  • EPSS 0.2%
  • Veröffentlicht 22.08.2022 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:53:59

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter,...