CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24912 – Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS
https://notcve.org/view.php?id=CVE-2021-24912
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin El plugin Transposh WordPress Translation de WordPress versiones anteriores a 1.0.8, no presenta una comprobación de tipo CSRF en su acción tp_translation AJAX, lo que podría permitir a atacantes a hacer que usuarios autorizados añadan una traducción. Dada una falta de saneo en el parámetro tk0, esto podría conllevar a un problema de tipo Cross-Site Scripting Almacenado que se ejecutaría en el contexto de un administrador conectado The Transposh WordPress Translation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8.1. This is due to missing nonce validation on several AJAX action function. This makes it possible for unauthenticated attackers to performa variety of actions such as initiating a back-up, changing the plugin's settings, and deleting duplicates via forged requests granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/349483e2-3ab5-4573-bc03-b1ebab40584d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25811 – Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-25811
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection El plugin Transposh WordPress Translation de WordPress versiones hasta 1.0.8, no sanea y escapa de los parámetros order y orderby antes de usarlos en una sentencia SQL, conllevando a una inyección SQL The Transposh WordPress Translation plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in versions up to, and including, 1.0.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative level permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application. • https://wpscan.com/vulnerability/0e0d2c5f-3396-4a0a-a5c6-6a98de3802c9 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24910 – Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24910
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue El plugin Transposh WordPress Translation de WordPress versiones anteriores a 1.0.8, no sanea y escapa del parámetro a por medio de una acción AJAX (disponible tanto para usuarios no autenticados como autenticados cuando la librería curl está instalada) antes de devolverlo a la respuesta, conllevando a un problema de tipo Cross-Site Scripting Reflejado The Transposh WordPress Translation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_tp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code onto the same page. • https://wpscan.com/vulnerability/b5cbebf4-5749-41a0-8be3-3333853fca17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 3CVE-2022-2461 – Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change
https://notcve.org/view.php?id=CVE-2022-2461
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site. El plugin Transposh WordPress Translation para WordPress es vulnerable a cambios de configuración no autorizados por parte de usuarios no autenticados en versiones hasta 1.0.8.1 incluyéndola. Esto es debido a una insuficiente comprobación de permisos en la acción AJAX "tp_translation" y en la configuración por defecto, lo que hace posible a atacantes no autenticados influir en los datos mostrados en el sitio • https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989 https://www.exploitalert.com/view-details.html?id=38891 https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 22%CPEs: 1EXPL: 3CVE-2022-2462 – Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2022-2462
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text. El plugin Transposh WordPress Translation para WordPress es vulnerable a la divulgación de información confidencial a usuarios no autenticados en versiones hasta 1.0.8.1 incluyéndola. Esto es debido a la insuficiente comprobación de permisos en la acción AJAX "tp_history" y a la insuficiente restricción de los datos devueltos en la respuesta. • https://packetstormsecurity.com/files/167878/wptransposh1081-disclose.txt https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1948 https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=cve https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •