Description
WordPress Plugin Transposh WordPress Translation is prone to multiple vulnerabilities, including security bypass, SQL injection, cross-site request forgery and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently change some settings to influence the data shown on the site; to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; to perform certain administrative actions and gain unauthorized access to the affected application; or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Transposh WordPress Translation version 1.0.8.1 is vulnerable; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available.
References
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2461.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2462.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24912.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-25810.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-25811.txt
https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/#description