Medium severity5.3NVD Advisory· Published Sep 6, 2022· Updated Apr 8, 2026

CVE-2022-2462

Description

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.

Affected products

Transposh/Transposh Wordpress Translation
cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*
Range: <=1.0.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.phpnvdPatchThird Party Advisory
packetstormsecurity.com/files/167878/wptransposh1081-disclose.txtnvdExploitThird Party AdvisoryVDB Entry
www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/nvdExploitThird Party Advisory
www.wordfence.com/vulnerability-advisories/nvdExploitThird Party Advisory
github.com/oferwald/transposh/blob/master/transposh.phpnvd
www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000