4 matches found
CVE-2022-2536
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...
CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...
CVE-2022-2461
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
CVE-2021-24912
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tptranslation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scriptin...