WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Missing Authorization Checks vulnerability

Missing Authorization Checks vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.8.1...

CVE-2022-25810

The CVE-2022-25810 entry applies to the Transposh WordPress Translation plugin (versions up to 1.0.8.1). The vulnerability is due to missing authorization checks on functions exposed under the Utilities page (/wp-admin/admin.php?page=tp_utils), allowing a lowest-privileged user to execute sensiti...

CVE-2022-25810 Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tpreset” under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable th...

Transposh WordPress Translation 1.0.8.1 Improper Authorization Vulnerability

Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber". 1. ADVISORY INFORMATION ======================= Product:...

Transposh WordPress Translation 1.0.8.1 Improper Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Improper Authorization CWE-285 Date found: 2022-02-21 Date...