Vulnerability Details : CVE-2022-2462
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.
Vulnerability category: Information leak
Products affected by CVE-2022-2462
- cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-2462
EPSS score: 8.01% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-2462
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
| 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | Wordfence | |
CWE ids for CVE-2022-2462
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Assigned by:
- nvd@nist.gov (Primary)
- security@wordfence.com (Secondary)
References for CVE-2022-2462
- https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ (WordPress Transposh: Exploiting a Blind SQL Injection via XSS, RCE Security) [Exploit; Third Party Advisory]
- https://packetstormsecurity.com/files/167878/wptransposh1081-disclose.txt (Transposh WordPress Translation 1.0.8.1 Information Disclosure, Packet Storm) [Exploit; Third Party Advisory; VDB Entry]
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=cve (Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure, Wordfence)
- https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1948 (transposh.php in transposh-translation-filter-for-wordpress/trunk, WordPress Plugin Repository) [Patch; Third Party Advisory]
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462 (Vulnerability Advisories, Wordfence) [Exploit; Third Party Advisory]