Transposh WordPress Translation 1.0.7 Incorrect Authorization
Posted by deepcore on July 30, 2022 – 7:26 pm
Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options. One of these is the “Who can translate” setting under the “Settings” tab, which by default allows “Anonymous” users to add translations via the plugin’s “tp_translation” AJAX action. Successful exploits can allow an unauthenticated attacker to add translations to the WordPress site and thereby influence what is actually shown on the site.
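To check whether the “tp_translation” action has been called on a site, the web server access log can be searched for it. The following is an added example, not code from the advisory or from the Transposh project. It assumes Combined Log Format and that the action name appears in the query string of a request to WordPress's standard admin-ajax.php endpoint; POST bodies are not written to access logs, so calls that carry the action only in the body will not be matched.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
AJAX_PATH = "/wp-admin/admin-ajax.php"  # WordPress core AJAX endpoint
ACTION = "tp_translation"               # action named in the advisory

def find_translation_calls(lines):
    """Return (ip, timestamp, method, status) for each logged request that
    reaches the tp_translation action through the query string."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        url = urlsplit(m["target"])
        if not url.path.endswith(AJAX_PATH):  # also matches subdirectory installs
            continue
        # parse_qs URL-decodes names and values, so encoded forms match too
        actions = parse_qs(url.query).get("action", [])
        if ACTION in actions:
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def summarize(hits):
    """Count, per client IP, the calls the server answered with a 2xx status."""
    return Counter(ip for ip, _, _, status in hits if 200 <= status < 300)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [30/Jul/2022:19:26:01 +0000] "POST /wp-admin/admin-ajax.php?action=tp_translation HTTP/1.1" 200 2 "-" "-"',
    '203.0.113.7 - - [30/Jul/2022:19:26:05 +0000] "POST /wp-admin/admin-ajax.php?action=tp%5Ftranslation HTTP/1.1" 200 2 "-" "-"',
    '198.51.100.20 - - [30/Jul/2022:19:27:10 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "-"',
    '198.51.100.9 - - [30/Jul/2022:19:28:44 +0000] "GET /blog/wp-admin/admin-ajax.php?action=tp_translation HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.44 - - [30/Jul/2022:19:29:02 +0000] "GET /?s=tp_translation HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, count in summarize(find_translation_calls(SAMPLE)).items():
        print(f"{ip}: {count} successful tp_translation call(s)")
```

Hits from clients that are not known translators are the ones to review against the site's stored translations.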