WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)

Description

WordPress Plugin Translate WordPress with GTranslate is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Translate WordPress with GTranslate version 2.8.10 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.8.11 or latest

References

https://www.pluginvulnerabilities.com/2017/02/17/open-redirect-vulnerability-in-gtranslate/

https://wordpress.org/plugins/gtranslate/changelog/

Related Vulnerabilities

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2006-0200)

Moodle Improper Check for Dropped Privileges Vulnerability (CVE-2019-14879)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Cross-Site Scripting (1.15.2)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)

WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.98)

Severity

High

Classification

CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Url Redirection