PT-2026-3346 · WordPress · Phrase Tms Integration For Wordpress
Abhirup Konwar
·
Published
2026-01-17
·
Updated
2026-01-17
·
CVE-2025-12168
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Phrase TMS Integration for WordPress versions through 4.7.5
Description
The Phrase TMS Integration for WordPress plugin is affected by an issue allowing unauthorized modification of data. This is due to a missing capability check on the
wp ajax delete log API endpoint. Authenticated attackers with Subscriber-level access or higher can delete log files. The vulnerable parameter is not specified.Recommendations
Update The Phrase TMS Integration for WordPress to a version later than 4.7.5.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phrase Tms Integration For Wordpress