cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-2536,https://securityvulnerability.io/vulnerability/CVE-2022-2536,Unauthorized Setting Changes in Transposh WordPress Translation Plugin,"The Transposh WordPress Translation plugin is impacted by a vulnerability that allows unauthenticated users to modify site settings unchecked. This occurs due to inadequate validation on the 'tp_translation' AJAX action. Attackers can exploit this weakness to override the 'Who can translate' option, particularly when the plugin's auto-translate feature is enabled by default. This security flaw enables unauthorized manipulation of displayed data, raising significant concerns for the integrity of WordPress websites using the plugin.",Wordpress,Transposh WordPress Translation,7.5,HIGH,0.0784199982881546,false,,false,false,false,,false,false,2022-12-15T04:01:45.987Z,0
CVE-2022-2461,https://securityvulnerability.io/vulnerability/CVE-2022-2461,Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change,"The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.",Wordpress,Transposh WordPress Translation,5.3,MEDIUM,0.007000000216066837,false,,false,false,false,,false,false,2022-09-06T17:18:58.000Z,0
CVE-2022-2462,https://securityvulnerability.io/vulnerability/CVE-2022-2462,Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure,"The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.",Wordpress,Transposh WordPress Translation,5.3,MEDIUM,0.08009999990463257,false,,false,false,false,,false,false,2022-09-06T17:18:57.000Z,0
CVE-2022-25812,https://securityvulnerability.io/vulnerability/CVE-2022-25812,Transposh WordPress Translation < 1.0.8 - Admin+ RCE,"The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE",Wordpress,Transposh WordPress Translation,7.2,HIGH,0.001509999972768128,false,,false,false,false,,false,false,2022-08-22T14:59:06.000Z,0
CVE-2022-25811,https://securityvulnerability.io/vulnerability/CVE-2022-25811,Transposh WordPress Translation <= 1.0.8 - Admin+ SQL Injection,"The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection",Wordpress,Transposh WordPress Translation,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-08-22T14:58:47.000Z,0
CVE-2022-25810,https://securityvulnerability.io/vulnerability/CVE-2022-25810,Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls,"The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.",Wordpress,Transposh WordPress Translation,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-08-22T14:58:31.000Z,0
CVE-2021-24912,https://securityvulnerability.io/vulnerability/CVE-2021-24912,Transposh WordPress Translation < 1.0.8 - CSRF to Stored XSS,"The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin",Wordpress,Transposh WordPress Translation,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-08-22T14:56:37.000Z,0
CVE-2021-24911,https://securityvulnerability.io/vulnerability/CVE-2021-24911,Transposh WordPress Translation < 1.0.8 - Stored Cross-Site Scripting,"The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin ""Who can translate ?"" setting.",Wordpress,Transposh WordPress Translation,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-08-22T14:56:13.000Z,0
CVE-2021-24910,https://securityvulnerability.io/vulnerability/CVE-2021-24910,Transposh WordPress Translation < 1.0.8 - Reflected Cross-Site Scripting,"The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue",Wordpress,Transposh WordPress Translation,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,false,false,2022-08-22T14:55:46.000Z,0