CVE-2015-9431
The CVE concerns the WordPress plugin qtranslate-x. A CSRF flaw in qtranslate-x prior to version 3.4.4 allows an attacker to induce XSS via requests to wp-admin/options-general.php?page=qtranslate-x with json_config_files or json_custom_i18n_config parameters. This is described in multiple source...