cve-2022-2536
Vulnerability from cvelistv5
Published
2022-12-15 04:01
Modified
2025-01-23 20:29
Severity ?
EPSS score ?
Summary
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461.
Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab. However, this option is largely ignored, if Transposh has enabled its "autotranslate" feature (it's enabled by default) and the HTTP POST parameter "sr0" is larger than 0. This is caused by a faulty validation in "wp/transposh_db.php."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@wordfence.com | https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt | Exploit, Third Party Advisory | |
| security@wordfence.com | https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt | Exploit, Third Party Advisory, VDB Entry | |
| security@wordfence.com | https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989 | Exploit, Third Party Advisory | |
| security@wordfence.com | https://www.exploitalert.com/view-details.html?id=38949 | Exploit, Third Party Advisory | |
| security@wordfence.com | https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/ | Not Applicable | |
| security@wordfence.com | https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6 | Third Party Advisory | |
| security@wordfence.com | https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536 | Third Party Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| oferwald | Transposh WordPress Translation |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:08.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.exploitalert.com/view-details.html?id=38949"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T20:29:15.429487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T20:29:18.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Transposh WordPress Translation",
"vendor": "oferwald",
"versions": [
{
"lessThanOrEqual": "1.0.8.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Julien Ahrens"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the \u0027tp_translation\u0027 AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. \r\n\r\nNotes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the \"Who can translate\" setting under the \"Settings\" tab. However, this option is largely ignored, if Transposh has enabled its \"autotranslate\" feature (it\u0027s enabled by default) and the HTTP POST parameter \"sr0\" is larger than 0. This is caused by a faulty validation in \"wp/transposh_db.php.\""
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-285 Improper Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-15T04:01:45.987Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6"
},
{
"url": "https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989"
},
{
"url": "https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt"
},
{
"url": "https://www.exploitalert.com/view-details.html?id=38949"
},
{
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536"
},
{
"url": "https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-11-14T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-2536",
"datePublished": "2022-12-15T04:01:45.987Z",
"dateReserved": "2022-07-25T12:16:31.645Z",
"dateUpdated": "2025-01-23T20:29:18.923Z",
"requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-2536\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2022-12-15T19:15:17.283\",\"lastModified\":\"2023-11-07T03:46:38.837\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the \u0027tp_translation\u0027 AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. \\r\\n\\r\\nNotes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the \\\"Who can translate\\\" setting under the \\\"Settings\\\" tab. However, this option is largely ignored, if Transposh has enabled its \\\"autotranslate\\\" feature (it\u0027s enabled by default) and the HTTP POST parameter \\\"sr0\\\" is larger than 0. This is caused by a faulty validation in \\\"wp/transposh_db.php.\\\"\"},{\"lang\":\"es\",\"value\":\"Transposh WordPress Translation plugin for WordPress es vulnerable a cambios de configuraci\u00f3n no autorizados por parte de usuarios no autenticados en versiones hasta la 1.0.8.1 inclusive. Esto se debe a una validaci\u00f3n insuficiente de la configuraci\u00f3n de la acci\u00f3n AJAX \u0027tp_translation\u0027, que hace posible que atacantes no autenticados omitan cualquier restricci\u00f3n e influyan en los datos mostrados en el sitio. Tenga en cuenta que este es un problema independiente de CVE-2022-2461. Notas del investigador: Cuando Transposh est\u00e1 instalado viene con un conjunto de opciones preconfiguradas, una de ellas es la configuraci\u00f3n \\\"Who can translate\\\" en la pesta\u00f1a \\\"Settings\\\". Sin embargo, esta opci\u00f3n se ignora en gran medida si Transposh ha habilitado su funci\u00f3n de \\\"autotranslate\\\" (est\u00e1 habilitada de forma predeterminada) y el par\u00e1metro HTTP POST \\\"sr0\\\" es mayor que 0. Esto se debe a una validaci\u00f3n defectuosa en \\\"wp/transposh_db.php \\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*\",\"versionEndIncluding\":\"1.0.8.1\",\"matchCriteriaId\":\"95C38C84-F714-4FFB-A0A3-2CA8AFB18DA8\"}]}]}],\"references\":[{\"url\":\"https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txt\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txt\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploitalert.com/view-details.html?id=38949\",\"source\":\"security@wordfence.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/\",\"source\":\"security@wordfence.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.