CVE-2022-2536
Transposh WordPress Translation <= 1.0.8.1 - Authorization Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461.
Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab. However, this option is largely ignored, if Transposh has enabled its "autotranslate" feature (it's enabled by default) and the HTTP POST parameter "sr0" is larger than 0. This is caused by a faulty validation in "wp/transposh_db.php."
Transposh WordPress Translation plugin for WordPress es vulnerable a cambios de configuración no autorizados por parte de usuarios no autenticados en versiones hasta la 1.0.8.1 inclusive. Esto se debe a una validación insuficiente de la configuración de la acción AJAX 'tp_translation', que hace posible que atacantes no autenticados omitan cualquier restricción e influyan en los datos mostrados en el sitio. Tenga en cuenta que este es un problema independiente de CVE-2022-2461. Notas del investigador: Cuando Transposh está instalado viene con un conjunto de opciones preconfiguradas, una de ellas es la configuración "Who can translate" en la pestaña "Settings". Sin embargo, esta opción se ignora en gran medida si Transposh ha habilitado su función de "autotranslate" (está habilitada de forma predeterminada) y el parámetro HTTP POST "sr0" es mayor que 0. Esto se debe a una validación defectuosa en "wp/transposh_db.php ".
Transposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-25 CVE Reserved
- 2022-08-19 CVE Published
- 2024-07-07 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-285: Improper Authorization
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS | Not Applicable | |
| https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6 | Third Party Advisory | |
| https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Transposh Search vendor "Transposh" | Transposh Wordpress Translation Search vendor "Transposh" for product "Transposh Wordpress Translation" | <= 1.0.8.1 Search vendor "Transposh" for product "Transposh Wordpress Translation" and version " <= 1.0.8.1" | wordpress |
Affected
| ||||||