CVE-2022-2461

Name of the Vulnerable Software and Affected Versions Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1

Description The issue is due to insufficient permissions checking on the 'tp translation' AJAX action and default settings, making it possible for unauthenticated attackers to influence the data shown on the site. This allows unauthorized setting changes by unauthenticated users.

Recommendations For versions up to, and including, 1.0.8.1, update to a version higher than 1.0.8.1 to resolve the issue. As a temporary workaround, consider restricting access to the 'tp translation' AJAX action until a patch is available.