Vulnerabilities > Transposh

DATE CVE VULNERABILITY TITLE RISK
2022-12-15 CVE-2022-2536 Unspecified vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1.
network
low complexity
transposh
7.5
2022-09-06 CVE-2022-2461 Missing Authorization vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1.
network
low complexity
transposh CWE-862
5.3
2022-09-06 CVE-2022-2462 Information Exposure vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1.
network
low complexity
transposh CWE-200
5.3
2022-08-22 CVE-2021-24910 Unspecified vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
network
low complexity
transposh
6.1
2022-08-22 CVE-2021-24911 Unspecified vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin.
network
low complexity
transposh
5.4
2022-08-22 CVE-2021-24912 Unspecified vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation.
network
low complexity
transposh
5.4
2022-08-22 CVE-2022-25810 Unspecified vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user.
network
low complexity
transposh
6.5
2022-08-22 CVE-2022-25811 Unspecified vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection
network
low complexity
transposh
7.2
2022-08-22 CVE-2022-25812 Unspecified vulnerability in Transposh Wordpress Translation
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE
network
low complexity
transposh
7.2