CVE-2015-9431

Name of the Vulnerable Software and Affected Versions qtranslate-x plugin versions prior to 3.4.4

Description The issue concerns a CSRF with resultant XSS in the qtranslate-x plugin for WordPress. This occurs via the "wp-admin/options-general.php?page=qtranslate-x" page, specifically through the json config files or json custom i18n config parameters.

Recommendations For versions prior to 3.4.4, update to version 3.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php?page=qtranslate-x" page to minimize the risk of exploitation. Avoid using the json config files or json custom i18n config parameters in the affected page until the issue is resolved.