Medium severity5.3NVD Advisory· Published Sep 6, 2022· Updated Apr 8, 2026

CVE-2022-2461

Description

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

Affected products

Transposh/Transposh Wordpress Translation
cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*
Range: <=1.0.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.phpnvdPatchThird Party Advisory
packetstormsecurity.com/files/167870/wptransposh107-auth.txtnvdExploitThird Party AdvisoryVDB Entry
www.exploitalert.com/view-details.htmlnvdExploitThird Party Advisory
www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/nvdExploitThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802nvdThird Party Advisory
www.wordfence.com/vulnerability-advisories/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000