Primary

Context

Phrase TMS Integration for WordPress Missing Authorization Vulnerability in Log Deletion

Vulnerability

A vulnerability exists in the Phrase TMS Integration for WordPress plugin, affecting all versions through 4.7.5. The issue arises from a lack of proper capability checks on the 'wp_ajax_delete_log' AJAX endpoint, allowing authenticated attackers with Subscriber-level access or higher to delete log files. This unauthorized data modification could lead to potential loss of important log information.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of log files by authenticated users with Subscriber-level access or higher.

Remediation

Users are advised to update the Phrase TMS Integration for WordPress plugin to version 4.7.6 or a newer patched version.

Added: Jan 17, 2026, 5:18 AM

Updated: Jan 17, 2026, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

2.1

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

2.1

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phrase TMS Integration for WordPress Missing Authorization Vulnerability in Log Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating