WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)

Description

WordPress Plugin Translate WordPress with GTranslate is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Translate WordPress with GTranslate version 2.8.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.8.11 or latest

References

https://www.pluginvulnerabilities.com/2017/02/17/open-redirect-vulnerability-in-gtranslate/

https://wordpress.org/plugins/gtranslate/changelog/

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3180)

GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23818)

WordPress Plugin WP e-Commerce-Clockwork SMS Cross-Site Scripting (2.0.5)

WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3092)

Severity

High

Classification

CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Url Redirection