Skip to main content

Transposh Wordpress Translation

6 CVEs product

Monthly

CVE-2022-2536 MEDIUM POC This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Transposh Wordpress Translation
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-2462 MEDIUM POC PATCH This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure WordPress Transposh Wordpress Translation
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
4.7%
CVE-2022-2461 MEDIUM POC PATCH THREAT This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

WordPress Authentication Bypass Transposh Wordpress Translation
NVD VulDB
CVSS 3.1
5.3
EPSS
17.8%
CVE-2022-25812 HIGH POC This Week

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Code Injection Transposh Wordpress Translation
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-25811 HIGH POC This Week

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Transposh Wordpress Translation
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2022-25810 MEDIUM POC This Month

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Transposh Wordpress Translation
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass +1
NVD GitHub VulDB
EPSS 5% CVSS 5.3
MEDIUM POC PATCH This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure WordPress Transposh Wordpress Translation
NVD GitHub VulDB
EPSS 18% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

WordPress Authentication Bypass Transposh Wordpress Translation
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Code Injection +1
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC This Week

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Transposh Wordpress Translation
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy