CVE-2022-25812

CWE-94Code Injection3 documents3 sources
Severity
7.2HIGH
EPSS
1.4%
top 19.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Transposh Wordpress TranslationTransposh Transposh Wordpress Translation
Timeline
PublishedAug 22
Latest updateAug 23

Description

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/transposh_wordpress_translation1.0.81.0.8

🔴Vulnerability Details

2
GHSA
GHSA-r3hj-92hh-4g2x: The Transposh WordPress Translation WordPress plugin before 12022-08-23
CVEList
Transposh WordPress Translation < 1.0.8 - Admin+ RCE2022-08-22
CVE-2022-25812 (HIGH CVSS 7.2) | The Transposh WordPress Translation | cvebase.io