Vulnerabilities > Transposh > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-06 | CVE-2022-2461 | Missing Authorization vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. | 5.3 |
2022-09-06 | CVE-2022-2462 | Information Exposure vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. | 5.3 |
2022-08-22 | CVE-2021-24910 | Unspecified vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the `a` parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-08-22 | CVE-2021-24911 | Unspecified vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the `tk0` parameter from the `tp_translation` AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. | 5.4 |
2022-08-22 | CVE-2021-24912 | Unspecified vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have a CSRF check in its `tp_translation` AJAX action, which could allow attackers to make authorised users add a translation. | 5.4 |
2022-08-22 | CVE-2022-25810 | Unspecified vulnerability in Transposh Wordpress Translation: The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as “tp_reset” under the Utilities tab (`/wp-admin/admin.php?page=tp_utils`), which can be used/executed as the lowest-privileged user. | 6.5 |