← Back

CVE-2022-2461

nvd nistnuclei
Published: Sep 6, 2022Modified: Apr 8, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

Affected (1)

Transposh
1 product
Transposh Wordpress Translation
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Transposh Wordpress Translation
Up to 1.0.8.1

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (12)

Source: security@wordfence.com
ExploitThird Party AdvisoryVDB Entry
Source: security@wordfence.com
PatchThird Party Advisory
Source: security@wordfence.com
ExploitThird Party Advisory
Source: security@wordfence.com
ExploitThird Party Advisory
Source: security@wordfence.com
Third Party Advisory
Source: security@wordfence.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.