WordPress Plugin Vulnerabilities

Transposh WordPress Translation <= 1.0.8 - Settings Update via Authorization Bypass

Description

The plugin does not properly check for its "Who can translate" settings when the auto translate is enabled (which is the default), which could allow unauthenticated attackers to update settings

Affects Plugins

Plugin icon
transposh-translation-filter-for-wordpress
No known fix

References

CVE
CVE-2022-2536

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Julien Ahrens
Verified
No
WPVDB ID
9aeecf53-3ab3-4784-8528-a39d00e3b59b

Timeline

Publicly Published
2022-11-14 (about 3 years ago)
Added
2022-11-14 (about 3 years ago)
Last Updated
2022-11-14 (about 3 years ago)

Other

Published
Title
Published
2026-02-25
Title
The Events Calendar < 6.15.16.1 - Contributor+ Event/Organizer/Venue Update/Trash via REST API
Published
2024-06-19
Title
Depicter < 3.1.0 - Authenticated (Contributor+) Arbitrary Nonce Generation
Published
2024-04-05
Title
PostX – Gutenberg Blocks for Post Grid < 3.2.4 - Incorrect Authorization
Published
2024-02-05
Title
Prime Slider – Addons For Elementor < 3.11.11 - Incorrect Authorization via bdt_duplicate_as_draft
Published
2021-10-27
Title
WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header