CVE-2022-2462 MEDIUM

CVE-2022-2462: Transposh WordPress Translation <= 1.0.9.6 - Sensitive Information Disclosure

Vendor Oferwald
Product Transposh WordPress Translation
Weakness CWE-200 · Info exposure
Published September 6, 2022
Last update April 8, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.

Key dates

02Disclosure timeline

September 6, 2022 CVE published
April 8, 2026 Record updated