Description
The WordPress plugin Transposh WordPress Translation is prone to multiple vulnerabilities: security bypass, SQL injection, cross-site request forgery (CSRF) and information disclosure. An attacker may leverage these issues to perform otherwise restricted actions and subsequently change settings that influence the data shown on the site; to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database; to perform certain administrative actions and gain unauthorized access to the affected application; or to obtain sensitive information that may help in launching further attacks. Transposh WordPress Translation version 1.0.8.1 is vulnerable; prior versions may also be affected.
Remediation
Disable and remove the plugin until a fix is available.
References
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2461.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-2462.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2021-24912.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-25810.txt
https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2022-25811.txt
https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/#description