CVE-2022-25810
MEDIUMTransposh WordPress Translation < 1.0.8 - Missing Authorization in Utilities Tab
Title source: llmDescription
The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892
Scores
CVSS v3
6.5
EPSS
0.0089
EPSS Percentile
55.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-862
Status
published
Products (1)
transposh/transposh_wordpress_translation
< 1.0.8
Published
Aug 22, 2022
Tracked Since
Feb 18, 2026