qTranslate X <= 3.4.3 – Authenticated Reflected Cross-Site Scripting (XSS) | CVE 2015-9431

Affects Plugins

qtranslate-x

Fixed in 3.4.4

References

CVE

CVE-2015-9431

URL

http://cinu.pl/research/wp-plugins/mail_1a40d7e7a2c29847b939f2c7472c335e.html

URL

http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.5 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

02b647fb-2e86-4d67-aee6-9faf772d805a

Timeline

Publicly Published

2015-08-21 (about 10 years ago)

Added

2015-11-24 (about 10 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2021-09-21

Title

Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

Published

2023-09-05

Title

User Submitted Posts < 20230901 - Contributor+ Stored XSS via Shortcode

Published

2024-08-15

Title

WordPress File Upload < 4.24.9 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

Published

2026-04-03

Title

Xpro Addons — 140+ Widgets for Elementor < 1.4.21 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-17

Title

Tantyyellow <= 1.0.0.5 - Reflected Cross-Site Scripting