27 matches found
Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
WordPress Transposh WordPress Translation plugin <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp vulnerability
Reflected Cross-Site Scripting via tptp vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.7...
CVE-2022-25812
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE...
CVE-2022-2536
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...
CVE-2022-2536
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...
CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...
EUVD-2022-34722
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
CVE-2022-2461
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
CVE-2022-2461 Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...
CVE-2022-2462 Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tphistory' AJAX action and insufficient restriction on the data...
CVE-2021-24912
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tptranslation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scriptin...
Cross site scripting
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tptranslation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack...
Cross site scripting
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tptranslation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scriptin...
Design/Logic Flaw
The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tpreset� under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerabl...
CVE-2022-25811 Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection...
CVE-2022-25810
The CVE-2022-25810 entry applies to the Transposh WordPress Translation plugin (versions up to 1.0.8.1). The vulnerability is due to missing authorization checks on functions exposed under the Utilities page (/wp-admin/admin.php?page=tp_utils), allowing a lowest-privileged user to execute sensiti...
CVE-2021-24911
The CVE relates to the Transposh WordPress Translation plugin for WordPress, affected versions prior to 1.0.8. The root cause is failure to sanitize and escape the tk0 parameter in the tp_translation AJAX action, allowing Stored Cross-Site Scripting. Impact is an XSS that can trigger in the plugi...
CVE-2021-24910
The CVE-2021-24910 entry concerns the WordPress plugin Transposh Translation (before 1.0.8). Affected component: the plugin’s AJAX action, which unsafely outputs the unescaped value of the a parameter back in the response. Root cause: insufficient sanitisation/escaping of user input in the tp_tp ...
CVE-2021-24910 Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date...