CVE-2022-2462: 
WordPress vulnerability analysis and mitigation

The Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. The vulnerability, identified as CVE-2022-2462, was discovered in July 2022 and allows unauthorized users to access sensitive information through insufficient permissions checking on the 'tp_history' AJAX action (NVD, WPScan).

The vulnerability stems from insufficient permissions checking on the 'tp_history' AJAX action and inadequate restriction on the data returned in the response. The issue has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text on the website. This information disclosure could potentially be used for reconnaissance in preparation for further attacks (NVD).

Website administrators running affected versions of the Transposh WordPress Translation plugin should update to a version newer than 1.0.8.1 if available. If updating is not possible, it is recommended to disable the plugin until a patch can be applied (WPScan).