CVE-2022-2461
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
91.8%
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the ‘tp_translation’ AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| transposh | transposh_wordpress_translation | * | cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:* |
References
packetstormsecurity.com/files/167870/wptransposh107-auth.txt
plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989
www.exploitalert.com/view-details.html?id=38891
www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve
www.wordfence.com/vulnerability-advisories/#CVE-2022-2461
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
91.8%