How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Translate WordPress with GTranslate < 2.9.9 - CSRF to Account Takeover

Description

The plugin does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page

Proof of Concept

Make a logged in admin (or any other account you want to gain access to) open

https://example.com/wp-content/plugins/gtranslate/url_addon/gtranslate.php?glang=es&gurl=PoC&enable_debug

Then access https://example.com/wp-content/plugins/gtranslate/url_addon/debug.txt to get the users cookies

Affects Plugins

Fixed in version 2.9.9

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Diogo Real

Verified

Yes

WPVDB ID

49abe79c-ab1c-4dbf-824c-8daaac7e079d

Timeline

Publicly Published

2022-03-07 (about 9 months ago)

Added

2022-03-07 (about 9 months ago)

Last Updated

2022-04-08 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin