Cross-Site Request Forgery in qTranslate Plugin for WordPress
CVE-2013-3251

Currently unrated

Key Information:

Vendor: Wordpress
Status: Qtranslate
Vendor: CVE Published:; 10 April 2014

Summary

A cross-site request forgery (CSRF) vulnerability exists in the qTranslate plugin for WordPress versions 2.5.34 and earlier. This flaw enables remote attackers to exploit the authentication of administrators, potentially allowing unauthorized changes to important plugin settings. The vulnerability takes advantage of unspecified vectors, leading to possible security breaches within WordPress sites that utilize this plugin. To safeguard against this risk, it is critical for users to update to the latest version of the plugin and implement best practices for web application security.

References

http://secunia.com/advisories/53126

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/93873

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Apr 10, 2014
Vulnerability Reserved
Apr 22, 2013