CVE-2022-25810 Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

2022-08-2214:58:31

CWE-862

WPScan

www.cve.org

cve-2022-25810

wordpress

translation

subscriber

unauthorised calls

sensitive actions

utilities

vulnerable

EPSS

0.001

Percentile

24.8%

JSON

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.

CNA Affected

[
  {
    "product": "Transposh WordPress Translation",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "1.0.8",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892

EPSS

0.001

Percentile

24.8%

JSON

Related for CVELIST:CVE-2022-25810