CVE-2022-2461: 
WordPress vulnerability analysis and mitigation

The Transposh WordPress Translation plugin for WordPress versions up to 1.0.8 contains a vulnerability that allows unauthorized users to change settings without authentication. The vulnerability was discovered in July 2022 and is tracked as CVE-2022-2461 (WPScan).

The vulnerability exists in the tp_translation AJAX action which lacks proper authorization checks. This allows unauthenticated users to call the action and modify plugin settings. The vulnerability has been assigned a CVSS score of 5.3 (Medium) and is classified as a Broken Access Control issue under OWASP Top 10 category A5 and CWE-862 (WPScan).

The vulnerability allows any unauthenticated user to influence the translated content shown to all visitors of the affected WordPress site. This effectively means attackers can modify site content through unauthorized translation submissions (RCE Security).

No official fix has been released for this vulnerability. Website administrators using the affected versions should consider either removing the plugin or implementing additional access controls to restrict unauthorized access to the translation functionality (WPScan).