vulnerability
WordPress Plugin: transposh-translation-filter-for-wordpress: CVE-2022-25812: Unrestricted Upload of File with Dangerous Type
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Jul 22, 2022 | Jul 22, 2025 | Jul 22, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Jul 22, 2022
Added
Jul 22, 2025
Modified
Jul 22, 2025
Description
The Transposh WordPress Translation plugin for WordPress is vulnerable to remote code execution in versions up to, and including, 1.0.9.1. This is due to insufficient extension validation on the log file that can be created via the plugin. This makes it possible for authenticated attackers with administrative level permissions and above to set the log file extension to .php and then update a setting to log PHP executable code to that file which can be used to achieve remote code execution.
Solution
transposh-translation-filter-for-wordpress-plugin-cve-2022-25812
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.