Vulnerability Description
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on the site. Please note this is a separate issue from CVE-2022-2461. Notes from the researcher: When installed Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab. However, this option is largely ignored, if Transposh has enabled its "autotranslate" feature (it's enabled by default) and the HTTP POST parameter "sr0" is larger than 0. This is caused by a faulty validation in "wp/transposh_db.php."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Transposh | Transposh Wordpress Translation | <= 1.0.8.1 |
Related Weaknesses (CWE)
References
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txtExploitThird Party Advisory
- https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txtExploitThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordExploitThird Party Advisory
- https://www.exploitalert.com/view-details.html?id=38949ExploitThird Party Advisory
- https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-INot Applicable
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-856
- https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536Third Party Advisory
- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2536.txtExploitThird Party Advisory
- https://packetstormsecurity.com/files/168120/wptransposh1081-authz.txtExploitThird Party AdvisoryVDB Entry
- https://plugins.trac.wordpress.org/browser/transposh-translation-filter-for-wordExploitThird Party Advisory
- https://www.exploitalert.com/view-details.html?id=38949ExploitThird Party Advisory
- https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-INot Applicable
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-856Third Party Advisory
- https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2536Third Party Advisory
FAQ
What is CVE-2022-2536?
CVE-2022-2536 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient v...
How severe is CVE-2022-2536?
CVE-2022-2536 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2536?
Check the references section above for vendor advisories and patch information. Affected products include: Transposh Transposh Wordpress Translation.