CVE-2022-0770

8.8 HIGH

📋 TL;DR

This vulnerability in the Translate WordPress with GTranslate plugin allows attackers to steal admin session cookies via CSRF attacks. Attackers can trick logged-in administrators into clicking malicious links, which writes sensitive debug data including cookies to publicly accessible files. WordPress sites using vulnerable plugin versions are affected.

💻 Affected Systems

Products:
  • Translate WordPress with GTranslate WordPress plugin
Versions: before 2.9.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated and an admin user logged in.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full site compromise through admin account takeover, leading to data theft, malware injection, or complete site defacement.

🟠 Likely Case

Session hijacking of admin accounts, potentially leading to unauthorized content changes or plugin/theme modifications.

🟢 If Mitigated

Limited impact if CSRF protections are implemented elsewhere or if admin accounts have additional authentication factors.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering to trick an administrator into clicking a malicious link while logged in, but the technical complexity is minimal.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.9 and later

Vendor Advisory: https://wpscan.com/vulnerability/49abe79c-ab1c-4dbf-824c-8daaac7e079d

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Translate WordPress with GTranslate'.
4. Click 'Update Now' if available, or manually update to version 2.9.9+.
5. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable vulnerable plugin

Platform: all

Temporarily deactivate the Translate WordPress with GTranslate plugin until patched.

Restrict file access

Platform: linux

Block public access to debug files via .htaccess or web server configuration. The Apache 2.2 directives (Order/Deny) are only honoured on 2.4 when mod_access_compat is loaded, so both forms are included:

# Add to .htaccess:
<Files "debug-*.log">
    # Apache 2.4 (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 (mod_access_compat on 2.4)
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>

🧯 If You Can't Patch

  • Implement CSRF tokens on all admin actions using WordPress nonces
  • Enable two-factor authentication for all admin accounts
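The nonce recommendation above, as an added example (not code from the GTranslate plugin): a hypothetical admin-only "dump debug info" action in a WordPress plugin that rejects forged cross-site requests and never writes cookies or request headers to a web-accessible file. The action slug `myplugin_debug_dump`, the option key `myplugin_debug` and the output path are assumptions.

```php
<?php
// Added example, not the GTranslate plugin's own code.
// Hypothetical names: action 'myplugin_debug_dump', option 'myplugin_debug'.

// 1. Render the admin link with a nonce bound to this specific action.
function myplugin_debug_link() {
    $url = wp_nonce_url(
        admin_url( 'admin-post.php?action=myplugin_debug_dump' ),
        'myplugin_debug_dump' // nonce action string, checked again below
    );
    echo '<a href="' . esc_url( $url ) . '">Dump debug info</a>';
}

// 2. Handle the action only for capable users carrying a valid nonce.
function myplugin_handle_debug_dump() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() dies with a 403 when the nonce is missing or
    // invalid, so a link planted on a third-party site never reaches here.
    check_admin_referer( 'myplugin_debug_dump' );

    // Keep $_COOKIE and request headers out of the debug payload entirely.
    $info = array(
        'php'    => PHP_VERSION,
        'wp'     => get_bloginfo( 'version' ),
        'plugin' => get_option( 'myplugin_debug' ),
    );

    // Write outside the document root (assumes dirname(ABSPATH) is writable)
    // with an unguessable name, rather than into the plugin directory.
    $path = dirname( ABSPATH ) . '/myplugin-debug-'
          . wp_generate_password( 12, false ) . '.log';
    file_put_contents( $path, wp_json_encode( $info ) );

    wp_safe_redirect( admin_url( 'plugins.php?myplugin_debug=done' ) );
    exit;
}
add_action( 'admin_post_myplugin_debug_dump', 'myplugin_handle_debug_dump' );
```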

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin → Plugins → Installed Plugins. If version is below 2.9.9, you are vulnerable.

Check Version:

wp plugin list --name='Translate WordPress with GTranslate' --field=version

Verify Fix Applied:

Confirm plugin version is 2.9.9 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin login locations/times after cookie theft
  • Unexpected file writes to debug logs in plugin directory

Network Indicators:

  • HTTP requests to plugin files with suspicious parameters
  • Outbound connections to unknown domains after admin login

SIEM Query:

source="wordpress.log" AND ("gtranslate" OR "translate-wordpress") AND ("debug" OR "cookie")
