Vulnerability Details : CVE-2022-2536
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab. However, this option is largely ignored, if Transposh has enabled its "autotranslate" feature (it's enabled by default) and the HTTP POST parameter "sr0" is larger than 0. This is caused by a faulty validation in "wp/transposh_db.php."
Vulnerability category: BypassGain privilege
Products affected by CVE-2022-2536
- cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-2536
2.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-2536
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
Wordfence |
CWE ids for CVE-2022-2536
-
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.Assigned by: security@wordfence.com (Primary)
References for CVE-2022-2536
-
https://www.exploitalert.com/view-details.html?id=38949
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization - ExploitalertExploit;Third Party Advisory
-
https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536
Vulnerability Advisories Continued - WordfenceThird Party Advisory
-
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE SecurityNot Applicable
-
https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6
Third Party Advisory
-
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt
Exploit;Third Party Advisory
-
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989
transposh.php in transposh-translation-filter-for-wordpress/trunk – WordPress Plugin RepositoryExploit;Third Party Advisory
-
https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to