Lucene search
K

27 matches found

Nuclei
Nuclei
added 18 hours ago17 views

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

5.3CVSS6.7AI score0.03644EPSS
Exploits6References4
Patchstack
Patchstack
added 2025/07/17 12:6 p.m.12 views

WordPress Transposh WordPress Translation plugin <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp vulnerability

Reflected Cross-Site Scripting via tptp vulnerability discovered by Julien Ahrens in WordPress Plugin Transposh WordPress Translation versions = 1.0.7...

6.1CVSS6.2AI score0.01266EPSS
Exploits4References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:47 p.m.13 views

CVE-2022-25812

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE...

7.2CVSS6.7AI score0.01441EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:21 p.m.15 views

CVE-2022-2536

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...

7.5CVSS6.7AI score0.01369EPSS
Exploits4References1
NVD
NVD
added 2022/12/15 7:15 p.m.23 views

CVE-2022-2536

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...

7.5CVSS0.01369EPSS
Exploits4References8
Cvelist
Cvelist
added 2022/12/15 4:1 a.m.24 views

CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tptranslation' AJAX action which makes it possible for...

5.3CVSS6.2AI score0.01369EPSS
Exploits4References7
EUVD
EUVD
added 2022/09/07 12:1 a.m.10 views

EUVD-2022-34722

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

5.3CVSS5.7AI score0.03644EPSS
Exploits6References7
NVD
NVD
added 2022/09/06 6:15 p.m.22 views

CVE-2022-2461

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

5.3CVSS0.03644EPSS
Exploits6References6
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.28 views

CVE-2022-2461 Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it possib...

5.3CVSS6.1AI score0.03644EPSS
Exploits6References6
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.36 views

CVE-2022-2462 Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tphistory' AJAX action and insufficient restriction on the data...

5.3CVSS5.3AI score0.0305EPSS
Exploits4References6
NVD
NVD
added 2022/08/22 3:15 p.m.23 views

CVE-2021-24912

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tptranslation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scriptin...

5.4CVSS0.00304EPSS
Exploits3References1
Prion
Prion
added 2022/08/22 3:15 p.m.19 views

Cross site scripting

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tptranslation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack...

4.9CVSS5.4AI score0.00586EPSS
Exploits4References1Affected Software1
Prion
Prion
added 2022/08/22 3:15 p.m.26 views

Cross site scripting

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tptranslation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scriptin...

4.9CVSS5.3AI score0.00304EPSS
Exploits3References1Affected Software1
Prion
Prion
added 2022/08/22 3:15 p.m.21 views

Design/Logic Flaw

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tpreset� under the Utilities tab /wp-admin/admin.php?page=tputils, which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerabl...

4CVSS6.5AI score0.00891EPSS
Exploits5References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 2:58 p.m.21 views

CVE-2022-25811 Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection...

7.5AI score0.01202EPSS
Exploits5References1
CVE
CVE
added 2022/08/22 2:58 p.m.67 views

CVE-2022-25810

The CVE-2022-25810 entry applies to the Transposh WordPress Translation plugin (versions up to 1.0.8.1). The vulnerability is due to missing authorization checks on functions exposed under the Utilities page (/wp-admin/admin.php?page=tp_utils), allowing a lowest-privileged user to execute sensiti...

6.5CVSS6.4AI score0.00891EPSS
Exploits5References1Affected Software1
CVE
CVE
added 2022/08/22 2:56 p.m.64 views

CVE-2021-24911

The CVE relates to the Transposh WordPress Translation plugin for WordPress, affected versions prior to 1.0.8. The root cause is failure to sanitize and escape the tk0 parameter in the tp_translation AJAX action, allowing Stored Cross-Site Scripting. Impact is an XSS that can trigger in the plugi...

5.4CVSS5.4AI score0.00586EPSS
Exploits4References1Affected Software1
CVE
CVE
added 2022/08/22 2:55 p.m.88 views

CVE-2021-24910

The CVE-2021-24910 entry concerns the WordPress plugin Transposh Translation (before 1.0.8). Affected component: the plugin’s AJAX action, which unsafely outputs the unescaped value of the a parameter back in the response. Root cause: insufficient sanitisation/escaping of user input in the tp_tp ...

6.1CVSS6.1AI score0.01266EPSS
Exploits4References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 2:55 p.m.26 views

CVE-2021-24910 Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action available to both unauthenticated and authenticated users when the curl library is installed before outputting it back in the response, leading to a Reflected Cross-Si...

6.2AI score0.01266EPSS
Exploits4References1
Packet Storm
Packet Storm
added 2022/08/19 12:0 a.m.332 views

Transposh WordPress Translation 1.0.8.1 Incorrect Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date...

0.8AI score0.01369EPSS
Exploits4
Rows per page
Query Builder