CVE-2022-25810

MEDIUM

Transposh WordPress Translation < 1.0.8 - Missing Authorization in Utilities Tab

Title source: llm
STIX 2.1

Description

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892

Scores

CVSS v3 6.5
EPSS 0.0089
EPSS Percentile 55.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
transposh/transposh_wordpress_translation < 1.0.8
Published Aug 22, 2022
Tracked Since Feb 18, 2026