4 matches found
CVE-2022-2462
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tphistory' AJAX action and insufficient restriction on the data...
CVE-2022-2462
The CVE-2022-2462 entry concerns the Transposh WordPress Translation plugin (versions up to and including 1.0.8.1). The vulnerability arises from insufficient permissions checking on the AJAX action tp_history and overly permissive data in the response, enabling unauthenticated disclosure of tran...
Transposh WordPress Translation 1.0.8.1 Information Disclosure Vulnerability
Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tphistory" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "userlogin" attribute. Successfu...
Transposh WordPress Translation 1.0.8.1 Information Disclosure
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200...