PT-2022-17535 · WordPress · Transposh Wordpress Translation Plugin
Julien Ahrens · Published 2022-07-29 · Updated 2023-02-23 · CVE-2022-25810
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Transposh WordPress Translation plugin versions 1.0.8 and earlier
Description
The issue allows access to sensitive actions, such as tp_reset, under the Utilities tab, reachable via the /wp-admin/admin.php?page=tp_utils endpoint. This vulnerability affects all Utilities functionalities, including resetting configurations and backup/restore operations, and can be executed by the lowest-privileged user.
Recommendations
For Transposh WordPress Translation plugin versions 1.0.8 and earlier, update to a version later than 1.0.8 to resolve the issue.
As a temporary workaround, consider restricting access to the /wp-admin/admin.php?page=tp_utils endpoint and the tp_reset action to minimize the risk of exploitation.
Exploit
Fix
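The plugin's actual patch is not reproduced on this page. As an added illustration (not Transposh's code), the following shows the class of defect the advisory describes, a destructive admin action run without any authorization check, next to the hardened form a WordPress plugin handler should use; the `hypo_*` function names, the option name and the nonce action are assumptions.

```php
<?php
// Added illustration, not the plugin's code. A hypothetical "Utilities" handler that
// performs a reset when /wp-admin/admin.php?page=tp_utils&tp_reset=1 is requested.

// BEFORE (CWE-862 Missing Authorization): the handler assumes that reaching wp-admin
// proves the caller may run the action. Any logged-in user, including a Subscriber,
// can request the URL and wipe the configuration.
function hypo_utils_reset_vulnerable() {
    if ( isset( $_GET['page'], $_GET['tp_reset'] ) && 'tp_utils' === $_GET['page'] ) {
        hypo_reset_plugin_options();   // destructive, no capability or nonce check
    }
}

// AFTER: gate the action on a capability AND a nonce.
function hypo_utils_reset_hardened() {
    if ( ! isset( $_GET['page'], $_GET['tp_reset'] ) || 'tp_utils' !== $_GET['page'] ) {
        return;
    }
    // 1. Authorization: only users who may manage site options can reset. A logged-in
    //    Subscriber or Contributor fails this check and gets a 403.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to do this.', 'hypo' ), '', array( 'response' => 403 ) );
    }
    // 2. CSRF protection: the request must carry the nonce minted for this action, so an
    //    administrator cannot be made to trigger the reset through a crafted link.
    check_admin_referer( 'hypo_utils_reset' );

    hypo_reset_plugin_options();
    wp_safe_redirect( admin_url( 'admin.php?page=tp_utils&reset=done' ) );
    exit;
}

// The link rendered on the Utilities tab carries the matching nonce.
function hypo_utils_reset_link() {
    return wp_nonce_url( admin_url( 'admin.php?page=tp_utils&tp_reset=1' ), 'hypo_utils_reset' );
}

function hypo_reset_plugin_options() {
    delete_option( 'hypo_plugin_options' );   // placeholder for the real reset logic
}

// admin_init fires before WordPress applies the capability registered for the menu
// page, so a handler hooked here must enforce authorization itself.
add_action( 'admin_init', 'hypo_utils_reset_hardened' );
```

Registering the page with a capability in add_submenu_page() only controls who can render the page; actions that run on admin_init need their own current_user_can() check, which is exactly what a missing-authorization finding like this one is about.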
Weakness Enumeration
Missing Authorization
Related Identifiers
Affected Products
Transposh Wordpress Translation Plugin