PT-2022-16766 · WordPress · Transposh Wordpress Translation Plugin

Julien Ahrens · Published 2022-07-29 · Updated 2024-01-11 · CVE-2022-2462

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions up to, and including, 1.0.8.1

Description: The issue is related to insufficient permissions checking on the 'tp history' AJAX action and insufficient restriction on the data returned in the response. This allows unauthenticated users to exfiltrate usernames of individuals who have translated text.

Recommendations: For versions up to, and including, 1.0.8.1, consider disabling the 'tp history' AJAX action until a patch is available to prevent sensitive information disclosure. Restrict access to the data returned in the response to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2022-2462

Affected Products

Transposh Wordpress Translation Plugin