CVE-2015-5535

Name of the Vulnerable Software and Affected Versions qTranslate plugin versions 2.5.39 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to "wp-admin/options-general.php". This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For qTranslate plugin versions 2.5.39 and earlier, update to a version later than 2.5.39 to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php" page and the edit parameter to minimize the risk of exploitation.