Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtHigh-Tech Bridge1337DAY-ID-23972
HistoryAug 07, 2015 - 12:00 a.m.

WordPress qTranslate 2.5.39 Cross Site Scripting Vulnerability

2015-08-0700:00:00
High-Tech Bridge
0day.today
33

0.003 Low

EPSS

Percentile

65.5%

JSON

WordPress qTranslate plugin version 2.5.39 suffers from a cross site scripting vulnerability.

Product: qTranslate WordPress plugin
Vendor: Qian Qin 
Vulnerable Version(s): 2.5.39  and probably prior
Tested Version: 2.5.39 
Advisory Publication:  July 1, 2015  [without technical details]
Vendor Notification: July 1, 2015 
Public Disclosure: July 29, 2015 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-5535
Risk Level: Medium 
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered vulnerability in qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control over the web application, if the victim visits a malicious page with XSS exploit. This vulnerability can also be used to perform drive-by-download or phishing attacks against website administrators. 

Input passed via "edit" HTTP GET parameter to "/wp-admin/options-general.php" is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

A simple exploit below will display a JS popup with "ImmuniWeb" word:

http://wordpress/wp-admin/options-general.php?page=qtranslate&edit=%22%3E%3Cscript%3Ealert%28%2FImmuniWeb%2F%29%3B%3C%2Fscript%3E


-----------------------------------------------------------------------------------------------

Solution:

Disclosure timeline:
2015-07-01 Vendor notified via email, no reply.
2015-07-10 Vendor notified via emails and support thread on the WordPress plugin page, no reply.
2015-07-17 Vendor notified  via emails, no reply.
2015-07-28 Fix requested via emails, no reply.
2015-07-29 Public disclosure.

Currently we are not aware of any official solution from the vendor. As at temporary solution we strongly recommend disabling the vulnerable plugin.

#  0day.today [2018-01-17]  #

Related

prion 1
patchstack 1
packetstorm 1
securityvulns 2
htbridge 1
wpvulndb 1
cve 1
prion
prion
Cross site scripting
2015-08-13 14:59:00
patchstack
patchstack
WordPress qTranslate Plugin <= 2.5.39 - XSS
2015-07-16 00:00:00
packetstorm
packetstorm
WordPress qTranslate 2.5.39 Cross Site Scripting
2015-07-30 00:00:00
securityvulns
securityvulns
Cross-Site Scripting &#40;XSS&#41; in qTranslate WordPress Plugin
2015-08-24 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-08-24 00:00:00
htbridge
htbridge
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
2015-07-01 00:00:00
wpvulndb
wpvulndb
qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)
2015-07-29 00:00:00
cve
cve
CVE-2015-5535
2015-08-13 14:59:00

0.003 Low

EPSS

Percentile

65.5%

JSON
Related for 1337DAY-ID-23972
prion1patchstack1packetstorm1securityvulns2htbridge1wpvulndb1cve1