The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt | Exploit Third Party Advisory VDB Entry |
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989 | Patch Third Party Advisory |
https://www.exploitalert.com/view-details.html?id=38891 | Exploit Third Party Advisory |
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ | Exploit Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve | Third Party Advisory |
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-09-06T17:18:58
Updated: 2023-10-26T20:25:43.344Z
Reserved: 2022-07-18T00:00:00
Link: CVE-2022-2461
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-06T18:15:13.890
Modified: 2023-11-09T20:56:58.363
Link: CVE-2022-2461
JSON object: View
Redhat Information
No data.
CWE