CVE-2022-2461
MEDIUM | EXPLOITED | NUCLEI
Transposh WordPress Translation <= 1.0.9.6 - Unauthenticated Setting Change via tp_translation AJAX Action
Title source: llm
Exploitation Summary
CVE-2022-2461 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings, which makes it possible for unauthenticated attackers to influence the data shown on the site.
Nuclei Templates (1)
Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
MEDIUM | VERIFIED | by riteshs4hu
FOFA:
body="/wp-content/plugins/transposh-translation-filter-for-wordpress/"
References (6)
Core References
Exploit, Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/167870/wptransposh107-auth.txt
Patch, Third Party Advisory
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1989
Exploit, Third Party Advisory
https://www.exploitalert.com/view-details.html?id=38891
Exploit, Third Party Advisory
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461
Scores
CVSS v3
5.3
EPSS
0.0351
EPSS Percentile
87.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2022-07-25
CWE
CWE-862
Status
published
Products (2)
oferwald/Transposh WordPress Translation
< 1.0.9.6
transposh/transposh_wordpress_translation
< 1.0.8.1
Published
Sep 06, 2022
Tracked Since
Feb 18, 2026