Cross-Site Request Forgery Vulnerability in Qtranslate Slug for WordPress
CVE-2021-4410
4.3MEDIUM
What is CVE-2021-4410?
The Qtranslate Slug plugin for WordPress suffers from a Cross-Site Request Forgery vulnerability that affects versions up to 1.1.18. This issue arises from inadequate nonce validation in the save_postdata() function, allowing attackers to create forged requests. If a site administrator is tricked into clicking a malicious link, an unauthorized attacker could manipulate post data without authentication, leading to potential unauthorized changes on the WordPress site.
Affected Version(s)
Qtranslate Slug * <= 1.1.18