WordPress Plugin Vulnerabilities

Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

Description

The plugin does not have any authorisation in its tp_translation AJAX action, allowing unauthenticated users to call it

Affects Plugins

Plugin icon
transposh-translation-filter-for-wordpress
No known fix

References

CVE
CVE-2022-2461

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Julien Ahrens
Verified
No
WPVDB ID
56a961b0-66b7-4dbf-a0e4-0cd38c9aa8dd

Timeline

Publicly Published
2022-07-25 (about 3 years ago)
Added
2022-07-25 (about 3 years ago)
Last Updated
2022-08-25 (about 3 years ago)

Other

Published
Title
Published
2024-04-29
Title
Progressive WordPress (PWA) <= 2.1.13 - Missing Authorization
Published
2025-04-02
Title
Residential Address Detection < 2.5.5 - Missing Authorization
Published
2025-09-22
Title
CF7 Submissions <= 0.26 - Missing Authorization
Published
2025-08-11
Title
Thank You Page Customizer for WooCommerce – Increase Your Sales < 1.1.8 - Missing Authorization
Published
2025-12-18
Title
Adminify < 4.0.7 - Missing Authorization