CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 4CVE-2022-2536 – Transposh WordPress Translation <= 1.0.8.1 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2022-2536
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab. However, this option is largely ignored, if Transposh has enabled its "autotranslate" feature (it's enabled by default) and the HTTP POST parameter "sr0" is larger than 0. • https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989 https://www.exploitalert.com/view-details.html?id=38949 https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6 http • CWE-285: Improper Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25812 – Transposh WordPress Translation < 1.0.8 - Admin+ RCE
https://notcve.org/view.php?id=CVE-2022-25812
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE El plugin Transposh WordPress Translation de WordPress versiones anteriores a 1.0.8, no comprueba su configuración de depuración, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo un RCE. The Transposh WordPress Translation plugin for WordPress is vulnerable to remote code execution in versions up to, and including, 1.0.8.1. This is due to insufficient extension validation on the log file that can be created via the plugin. This makes it possible for authenticated attackers with administrative level permissions and above to set the log file extension to .php and then update a setting to log PHP executable code to that file which can be used to achieve remote code execution. Transposh WordPress Translation versions 1.0.8.1 and below have a "save_transposh" action available at "/wp-admin/admin.php? • https://wpscan.com/vulnerability/1f6bd346-4743-44b8-86d7-4fbe09bad657 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25810 – Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls
https://notcve.org/view.php?id=CVE-2022-25810
The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations. El plugin Transposh WordPress Translation de WordPress versiones hasta 1.0.8, expone un par de acciones confidenciales como "tp_reset" bajo la pestaña Utilities (/wp-admin/admin.php?page=tp_utils), que pueden ser usadas/ejecutadas como el usuario menos privilegiado. • https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24911 – Transposh WordPress Translation < 1.0.8 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24911
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting. El plugin Transposh WordPress Translation de WordPress versiones anteriores a 1.0.8, no sanea ni escapa del parámetro tk0 de la acción AJAX tp_translation, lo que conlleva a un problema de tipo Cross-Site Scripting Almacenado, que se ejecutará en el panel de administración del plugin. El rol mínimo necesario para llevar a cabo este ataque depende de la configuración del plugin "¿Quién puede traducir? • https://wpscan.com/vulnerability/bd88be21-0cfc-46bd-b78a-23efc4868a55 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24912 – Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS
https://notcve.org/view.php?id=CVE-2021-24912
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin El plugin Transposh WordPress Translation de WordPress versiones anteriores a 1.0.8, no presenta una comprobación de tipo CSRF en su acción tp_translation AJAX, lo que podría permitir a atacantes a hacer que usuarios autorizados añadan una traducción. Dada una falta de saneo en el parámetro tk0, esto podría conllevar a un problema de tipo Cross-Site Scripting Almacenado que se ejecutaría en el contexto de un administrador conectado The Transposh WordPress Translation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8.1. This is due to missing nonce validation on several AJAX action function. This makes it possible for unauthenticated attackers to performa variety of actions such as initiating a back-up, changing the plugin's settings, and deleting duplicates via forged requests granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/349483e2-3ab5-4573-bc03-b1ebab40584d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •