CSRF Vulnerability in qtranslate-x Plugin for WordPress
CVE-2015-9431
6.5MEDIUM
What is CVE-2015-9431?
The qtranslate-x plugin for WordPress, prior to version 3.4.4, is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to exploit the wp-admin/options-general.php interface. By leveraging this weakness, malicious actors can inject arbitrary script code via the json_config_files or json_custom_i18n_config parameters, leading to XSS attacks that can compromise user data and site integrity.