CVE-2022-2462

Опубликовано: 06 сент. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.

Ссылки

https://packetstormsecurity.com/files/167878/wptransposh1081-disclose.txt
Exploit
Third Party Advisory
VDB Entry
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1948
Patch
Third Party Advisory
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462
Exploit
Third Party Advisory
https://packetstormsecurity.com/files/167878/wptransposh1081-disclose.txt
Exploit
Third Party Advisory
VDB Entry
https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordpress/trunk/transposh.php?rev=2682425#L1948
Patch
Third Party Advisory
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
Exploit
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2462
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*

Версия до 1.0.8.1 (включая)

EPSS

Процентиль: 88%

0.04027

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-vr73-3j55-m4ww