CVE-2022-25812

🗓️ 22 Aug 2022 14:59:06Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 76 Views🌐 WEB

The Transposh WordPress Translation WordPress plugin before 1.0.8 allows high privilege users to perform RC

Reporter	Title	Published	Views	Family All 13
0day.today	Transposh WordPress Translation 1.0.8.1 Remote Code Execution Vulnerability	31 Jul 202200:00	–	zdt
GithubExploit	Exploit for Cross-site Scripting in Astaro Security_Gateway_Software	30 Apr 201915:15	–	githubexploit
ATTACKERKB	CVE-2022-25812	22 Aug 202215:15	–	attackerkb
Circl	CVE-2022-25812	22 Aug 202218:26	–	circl
CNNVD	WordPress plugin Transposh WordPress Translation 代码注入漏洞	29 Jul 202200:00	–	cnnvd
Cvelist	CVE-2022-25812 Transposh WordPress Translation < 1.0.8 - Admin+ RCE	22 Aug 202214:59	–	cvelist
EUVD	EUVD-2022-30452	3 Oct 202520:07	–	euvd
NVD	CVE-2022-25812	22 Aug 202215:15	–	nvd
OSV	CVE-2022-25812	22 Aug 202215:15	–	osv
Packet Storm	Transposh WordPress Translation 1.0.8.1 Remote Code Execution	29 Jul 202200:00	–	packetstorm

NVD

Vulners

Node

transposh transposh_wordpress_translationRange<1.0.8wordpress

[
  {
    "product": "Transposh WordPress Translation",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.0.8",
        "status": "affected",
        "version": "1.0.8",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/1f6bd346-4743-44b8-86d7-4fbe09bad657

Parameter	Position	Path	Description	CWE
Log file name	request body	wp-admin/admin.php?page=tp_advanced	Unvalidated log file name enables arbitrary PHP code execution via crafted payload logged and later executed.	CWE-94
Level of logging	request body	wp-admin/admin.php?page=tp_advanced	Unvalidated log file name enables arbitrary PHP code execution via crafted payload logged and later executed.	CWE-94

17 Jun 2026 04:34Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.17.2

EPSS0.01441

CWE-94