Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:9A934A84-F0C7-42ED-B980-BB168B2C5892
HistoryJul 26, 2022 - 12:00 a.m.

Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls

2022-07-2600:00:00
wpvulndb
104
wordpress
translation
subscriber
unauthorised
calls
exploit
security

EPSS

0.001

Percentile

24.8%

JSON

The plugin exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.

As a subscriber:
https://example.com/wp-admin/admin-ajax.php?action=tp_reset
https://example.com/wp-admin/admin-ajax.php?action=tp_cleanup&days=0

Related

cvelist 1
packetstorm 1
zdt 1
cve 1
prion 1
wpvulndb 1
nvd 1
cvelist
cvelist
CVE-2022-25810 Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls
2022-08-22 14:58:31
packetstorm
packetstorm
Transposh WordPress Translation 1.0.8.1 Improper Authorization
2022-07-29 00:00:00
zdt
zdt
Transposh WordPress Translation 1.0.8.1 Improper Authorization Vulnerability
2022-07-31 00:00:00
cve
cve
CVE-2022-25810
2022-08-22 15:15:14
prion
prion
Design/Logic Flaw
2022-08-22 15:15:00
wpvulndb
wpvulndb
Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls
2022-07-26 00:00:00
nvd
nvd
CVE-2022-25810
2022-08-22 15:15:14

EPSS

0.001

Percentile

24.8%

JSON
Related for WPEX-ID:9A934A84-F0C7-42ED-B980-BB168B2C5892
cvelist1packetstorm1zdt1cve1prion1wpvulndb1nvd1