OpenCVE

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Transposh	Transposh Wordpress Translation

Configuration 1 [-]

cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-22T14:58:31

Updated: 2024-08-03T04:49:43.477Z

Reserved: 2022-02-23T00:00:00

Link: CVE-2022-25810

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-22T15:15:14.007

Modified: 2024-11-21T06:53:02.667

Link: CVE-2022-25810

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Transposh WordPress Translation", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.0.8", "status": "affected", "version": "1.0.8", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Julien Ahrens"}], "descriptions": [{"lang": "en", "value": "The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has \u201ctp_reset\u201d under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-22T14:58:31", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892"}], "source": {"discovery": "EXTERNAL"}, "title": "Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-25810", "STATE": "PUBLIC", "TITLE": "Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Transposh WordPress Translation", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.0.8", "version_value": "1.0.8"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Julien Ahrens"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has \u201ctp_reset\u201d under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862 Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:43.477Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-25810", "datePublished": "2022-08-22T14:58:31", "dateReserved": "2022-02-23T00:00:00", "dateUpdated": "2024-08-03T04:49:43.477Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "941B7D1D-EFD4-45BB-B20D-CEF3BCE84FDF", "versionEndIncluding": "1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has \u201ctp_reset\u201d under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations."}, {"lang": "es", "value": "El plugin Transposh WordPress Translation de WordPress versiones hasta 1.0.8, expone un par de acciones confidenciales como \"tp_reset\" bajo la pesta\u00f1a Utilities (/wp-admin/admin.php?page=tp_utils), que pueden ser usadas/ejecutadas como el usuario menos privilegiado. B\u00e1sicamente todas las funcionalidades de Utilidades son vulnerables de esta manera, lo que implica restablecer configuraciones y operaciones de backup/restauraci\u00f3n."}], "id": "CVE-2022-25810", "lastModified": "2024-11-21T06:53:02.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-22T15:15:14.007", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/9a934a84-f0c7-42ed-b980-bb168b2c5892"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "contact@wpscan.com", "type": "Secondary"}]}