PT-2018-16926 · WordPress · Srbtranslatin

Published

2018-01-12

Updated

2018-01-29

CVE-2018-5369

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SrbTransLatin plugin version 1.46

Description The issue concerns a security problem where an attacker can execute malicious scripts. This is achieved by sending a specific request to the "wp-admin/options-general.php" endpoint with a lang identificator parameter.

Recommendations For SrbTransLatin plugin version 1.46, consider disabling the srbtranslatoptions action until a patch is available. Restrict access to the "wp-admin/options-general.php" endpoint to minimize the risk of exploitation. Avoid using the lang identificator parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-5369

Affected Products

Srbtranslatin

PT-2018-16926 · WordPress · Srbtranslatin

CVE-2018-5369

Weakness Enumeration

Related Identifiers

Affected Products

References · 4