Description

WordPress Plugin Transposh WordPress Translation is prone to multiple vulnerabilities, including security bypass, SQL injection, cross-site request forgery and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently change some settings to influence the data shown on the site, to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to perform certain administrative actions and gain unauthorized access to the affected application, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Transposh WordPress Translation version 1.0.8.1 is vulnerable; prior versions may also be affected.

Remediation

Disable and remove the plugin until a fix is available

References

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2461.txt

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2462.txt

https://packetstormsecurity.com/files/168120/Transposh-WordPress-Translation-1.0.8.1-Incorrect-Authorization.html

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24912.txt

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-25810.txt

https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-25811.txt

https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/#description

Related Vulnerabilities

WordPress Plugin WatuPRO SQL Injection (5.5.3.6)

WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Multiple Cross-Site Request Forgery Vulnerabilities (6.24.1)

Oracle JRE CVE-2020-2655 Vulnerability (CVE-2020-2655)

WordPress Plugin Hero Maps Pro Cross-Site Scripting (2.1.0)

Python Files or Directories Accessible to External Parties Vulnerability (CVE-2019-13404)

Severity

High

Classification

CVE-2021-24912 CVE-2022-2461 CVE-2022-2462 CVE-2022-2536 CVE-2022-25810 CVE-2022-25811 CWE-89 CWE-200 CWE-264 CWE-285 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update