Transposh WordPress Translation <= 1.0.8 – Subscriber+ Unauthorised Calls | CVE 2022-25810

Description

The plugin exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.

Proof of Concept

As a subscriber:
https://example.com/wp-admin/admin-ajax.php?action=tp_reset
https://example.com/wp-admin/admin-ajax.php?action=tp_cleanup&days=0

Affects Plugins

transposh-translation-filter-for-wordpress

No known fix

References

CVE

CVE-2022-25810

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Julien Ahrens

Verified

Yes

WPVDB ID

9a934a84-f0c7-42ed-b980-bb168b2c5892

Timeline

Publicly Published

2022-07-26 (about 3 years ago)

Added

2022-07-26 (about 3 years ago)

Last Updated

2022-08-25 (about 3 years ago)

Other

Published

Title

Published

2025-04-25

Title

Aeropage Sync for Airtable < 3.3.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

Published

2025-01-16

Title

Sur.ly <= 3.0.3 - Missing Authorization

Published

2025-06-12

Title

Majestic Support < 1.1.1 - Missing Authorization

Published

2024-05-17

Title

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Settings Update

Published

2025-12-01

Title

Beaver Builder – WordPress Page Builder < 2.9.4.1 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification