CVE-2022-25810

State: PUBLISHED · Published: 2022-08-22 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.

CWE

CWE-862 — CWE-862 Missing Authorization

Affected

Unknown / Transposh WordPress Translation — v=1.0.8 ≤1.0.8 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892 x_refsource_MISC

Source

cvelistV5-main/cves/2022/25xxx/CVE-2022-25810.json