Description
WordPress Plugin Transposh WordPress Translation is prone to multiple vulnerabilities, including security bypass and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently change some settings to influence the data shown on the site, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Transposh WordPress Translation version 1.0.8.1 is vulnerable; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536
https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/#description
Related Vulnerabilities
PHP HTTP POST incorrect MIME header parsing vulnerability
WordPress Plugin Xorbin Digital Flash Clock Cross-Site Scripting (1.0)
WordPress Plugin Crisp Live Chat Cross-Site Request Forgery (0.31)
WordPress Plugin Fast Secure Contact Form Cross-Site Scripting (4.0.37)
WordPress Plugin Contact Form DB-Elementor Cross-Site Scripting (1.7)