6 matches found
Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
CVE-2022-2461
creationtimestamp| type| source ---|---|--- 2025-09-16 05:39:12+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-2461.yaml 2025-09-17 21:02:37+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lz2qayx6up25...
Input validation
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...
CVE-2022-2461
The Transposh WordPress Translation plugin is affected by CVE-2022-2461. Affected software: Transposh WordPress Translation plugin for WordPress. Vulnerable component: the tp_translation AJAX action, due to insufficient permissions checking. Root cause: unauthenticated users can trigger unauthori...
Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tptranslation" which is available to authenticated or unauthenticated users see CVE-2022-2461 that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative...
Transposh WordPress Translation 1.0.7 Incorrect Authorization
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-13 Date...