cbcvebase.
CVE-2022-2461
published 2022-09-06

CVE-2022-2461: The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and…

PriorityP278medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.51%
87.7th percentile
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

Affected

2 ranges
VendorProductVersion rangeFixed in
oferwaldtransposh_wordpress_translation<= 1.0.9.6
transposhtransposh_wordpress_translation<= 1.0.8.1

Detection & IOCsextracted from sources · hover to see the quote

url/wp-admin/admin-ajax.php
path/wp-content/plugins/transposh-translation-filter-for-wordpress/
commandaction=tp_translation&ln0=en&sr0=oast.me&items=1&tk0=oast.me&tr0=oast.me
otherTransposh: v-[0-9.]+
  • Exploit POST requests target /wp-admin/admin-ajax.php with action=tp_translation and sr0 parameter set to a non-zero/attacker-controlled value; monitor for unauthenticated POST requests matching this pattern.
  • Successful exploitation returns HTTP 200 with body containing '200 - backup in sync' and Content-Type text/html; use this as a confirmation matcher.
  • The Transposh plugin version can be fingerprinted from HTTP response headers via the 'Transposh: v-<version>' header pattern.
  • Presence of the plugin path /wp-content/plugins/transposh-translation-filter-for-wordpress/ in page body indicates a potentially vulnerable installation; use as a passive discovery signal.
  • The vulnerability is triggered when the HTTP POST parameter 'sr0' is larger than 0, bypassing the 'Who can translate' permission check due to faulty validation in wp/transposh_db.php.
  • ·The autotranslate feature is enabled by default in Transposh, which is a prerequisite for the bypass condition (sr0 > 0) to work; sites with autotranslate disabled may not be exploitable via this exact path.
  • ·CVE-2022-2461 affects versions up to and including 1.0.8.1; CVE-2022-2536 is a separate but related issue affecting up to 1.0.9.6 — ensure detection rules account for both version ranges.

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.