WordPress qTranslate X Cleanup and WPML Import plugin <= 3.0.1 - Broken Access Control vulnerability
CVE-2023-29431

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Qtranslate X Cleanup And WPml Import
Vendor: CVE Published:; 9 December 2024

Summary

The identified vulnerability in OntheGoSystems' qTranslate X Cleanup and WPML Import stems from a missing authorization check. This flaw allows attackers to exploit incorrectly configured access control security levels, leading to the potential for unauthorized actions within these plugins. The issue is present in versions prior to 3.0.1, making it critical for users to review their configurations and update to a secure version to mitigate associated risks.

Affected Version(s)

qTranslate X Cleanup and WPML Import <= 3.0.1

References

https://patchstack.com/database/wordpress/plugin/qtransla...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Apr 6, 2023

Credit

István Márton (Patchstack Alliance)