CSRF Vulnerability in qtranslate-x Plugin for WordPress
CVE-2015-9431

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Qtranslate X
Vendor: CVE Published:; 26 September 2019

What is CVE-2015-9431?

The qtranslate-x plugin for WordPress, prior to version 3.4.4, is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to exploit the wp-admin/options-general.php interface. By leveraging this weakness, malicious actors can inject arbitrary script code via the json_config_files or json_custom_i18n_config parameters, leading to XSS attacks that can compromise user data and site integrity.