Lucene search

CVE-2022-2536

🗓️ 15 Dec 2022 19:17:15Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 62 Views🌐 WEB

The Transposh WordPress Translation plugin is vulnerable to unauthorized setting changes by unauthenticated users

Reporter	Title	Published	Views	Family All 19
NVD	CVE-2022-2536	15 Dec 202219:15	–	nvd
NVD	CVE-2022-2461	6 Sep 202218:15	–	nvd
Prion	Input validation	15 Dec 202219:15	–	prion
Prion	Code injection	6 Sep 202218:15	–	prion
Cvelist	CVE-2022-2536	15 Dec 202204:01	–	cvelist
Cvelist	CVE-2022-2461	6 Sep 202217:18	–	cvelist
RedhatCVE	CVE-2022-2536	5 Feb 202521:21	–	redhatcve
Vulnrichment	CVE-2022-2536	15 Dec 202204:01	–	vulnrichment
Patchstack	WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Authorization Bypass vulnerability	14 Nov 202200:00	–	patchstack
Patchstack	WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Unauthorized Settings Change vulnerability	25 Jul 202200:00	–	patchstack

Nvd

Vulners

Node

transposh transposh_wordpress_translationRange≤1.0.8.1wordpress

[
  {
    "vendor": "oferwald",
    "product": "Transposh WordPress Translation",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.0.8.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6
rcesecurity	www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
packetstormsecurity	www.packetstormsecurity.com/files/168120/wptransposh1081-authz.txt
exploitalert	www.exploitalert.com/view-details.html
plugins	www.plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php
github	www.github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt
wordfence	www.wordfence.com/vulnerability-advisories-continued/

Parameter	Position	Path	Description	CWE
action	request body	/wp-admin/admin-ajax.php	Unauthorized changes to translation settings in Transposh WordPress Translation plugin allowing unauthenticated users to add translations.	CWE-863, CWE-79
ln0	request body	/wp-admin/admin-ajax.php	Unauthorized changes to translation settings in Transposh WordPress Translation plugin allowing unauthenticated users to add translations.	CWE-863, CWE-79
sr0	request body	/wp-admin/admin-ajax.php	Unauthorized changes to translation settings in Transposh WordPress Translation plugin allowing unauthenticated users to add translations.	CWE-863, CWE-79
items	request body	/wp-admin/admin-ajax.php	Unauthorized changes to translation settings in Transposh WordPress Translation plugin allowing unauthenticated users to add translations.	CWE-863, CWE-79
tk0	request body	/wp-admin/admin-ajax.php	Unauthorized changes to translation settings in Transposh WordPress Translation plugin allowing unauthenticated users to add translations.	CWE-863, CWE-79
tr0	request body	/wp-admin/admin-ajax.php	Unauthorized changes to translation settings in Transposh WordPress Translation plugin allowing unauthenticated users to add translations.	CWE-863, CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Dec 2022 19:15Current

5.8Medium risk

Vulners AI Score5.8

CVSS37.5

EPSS0.04249

SSVC