This can result in a situation where a malicious user with the subscriber role can change the status of a translation job and make it unapproved. In that scenario the malicious user cannot see the changes made to the job, and the job will be marked as approved even though it was not approved. A similar issue occurs when several users with the subscriber role try to change the status of a translation job; in that scenario, too, the job will be marked as approved even though it was not approved. WordPress automatically checks the validity of changes to the status of a translation job: if the user who made the change does not have the necessary rights, WordPress does not consider the change and still shows the original state of the job. This issue can be exploited by a malicious user with the subscriber role to make unauthorized changes to the status of a translation job. Exploitation requires social engineering of the victim user.

ID: 3785e0a1-0f57-4c46-9b3f-be6d5e77c653

Vulnerability Type:

Unauthenticated Information Disclosure

How to Fix?

The issue can be fixed by creating a custom filter that only shows the changes made by a specific user who has the necessary rights to change the status of a translation job.
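As an added example (not the advisory's or any plugin's code), the following sketches that fix in WordPress PHP: a capability-gated filter that keeps the original status whenever the acting user lacks the right, plus a request handler that rejects such a change up front. The action name, the `manage_translation_jobs` capability, the `tj_job_status_change` filter and the `tj_update_job_status()` helper are assumptions; substitute the plugin's real names.

```php
<?php
// Added example, not the advisory's or any plugin's code.
// Hypothetical filter the plugin would apply before persisting a new status:
// apply_filters( 'tj_job_status_change', $new_status, $old_status, $job_id, $user_id )
add_filter( 'tj_job_status_change', 'tj_guard_job_status_change', 10, 4 );

function tj_guard_job_status_change( $new_status, $old_status, $job_id, $user_id ) {
    // 'manage_translation_jobs' is an assumed capability; subscribers lack it.
    if ( ! user_can( $user_id, 'manage_translation_jobs' ) ) {
        // Keep the original state and record the rejected attempt for auditing.
        error_log( sprintf( 'Rejected status change on job %d by user %d', $job_id, $user_id ) );
        return $old_status;
    }
    return $new_status;
}

// Defence in depth: reject the request itself before any state is touched.
add_action( 'admin_post_tj_set_job_status', 'tj_handle_set_job_status' );

function tj_handle_set_job_status() {
    if ( ! is_user_logged_in() || ! current_user_can( 'manage_translation_jobs' ) ) {
        wp_die( 'You are not allowed to change translation job status.', '', array( 'response' => 403 ) );
    }

    // Tie the request to a nonce issued to this user's own session, so a request
    // the user did not knowingly submit is refused.
    check_admin_referer( 'tj_set_job_status' );

    $job_id = isset( $_POST['job_id'] ) ? absint( $_POST['job_id'] ) : 0;
    $status = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';

    // Allow-list the target states instead of trusting the submitted value.
    if ( 0 === $job_id || ! in_array( $status, array( 'approved', 'unapproved' ), true ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 400 ) );
    }

    // Hypothetical plugin helper; it is expected to run the filter above.
    tj_update_job_status( $job_id, $status, get_current_user_id() );

    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
    exit;
}
```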

WordPress: Do not use the translation.wordpress.com domain for your WordPress site

WordPress is a content management system (CMS) used to create websites and blogs. This issue can be exploited by a malicious user with the subscriber role to make unauthorized changes to the status of a translation job on WordPress. Exploitation requires social engineering of the victim user.
**Please note that this is an unpublished advisory, which may change without notice. We recommend updating your systems according to our advisory immediately.**

How to Fix?

There are multiple solutions to fix this issue. The best solution is probably to remove the subscriber role.

Timeline

Published on: 11/18/2022 19:15:00 UTC
Last modified on: 11/21/2022 13:32:00 UTC
