Lucene search
WPScanCVE-2022-25812HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-25812
2022-08-2215:15:14
CWE-94
WPScan
web.nvd.nist.gov
34
4
cve-2022-25812
nvd
transposh
wordpress
translation
plugin
rce
security
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.9%
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE
Affected configurations
Node
transposhtransposh_wordpress_translationRange<1.0.8wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| transposh | transposh_wordpress_translation | * | cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"product": "Transposh WordPress Translation",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "1.0.8",
"versionType": "custom"
}
]
}
]Social References
More
Related
cvelist
cvelist
CVE-2022-25812 Transposh WordPress Translation < 1.0.8 - Admin+ RCE
2022-08-22 14:59:06
prion
prion
Code injection
2022-08-22 15:15:00
packetstorm
packetstorm
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
2022-07-29 00:00:00
nvd
nvd
CVE-2022-25812
2022-08-22 15:15:14
zdt
zdt
Transposh WordPress Translation 1.0.8.1 Remote Code Execution Vulnerability
2022-07-31 00:00:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
44.9%
Related for CVE-2022-25812