qtranslate / qtranslate-xt

qTranslate-XT (eXTended) - reviving qTranslate-X multilingual plugin for WordPress. A new community-driven plugin soon. Built-in modules for WooCommerce, ACF, slugs and others.
GNU General Public License v2.0

qTranslate-XT has a known vulnerability that may be affecting this version #693

Open digitao168 opened 5 years ago

digitao168 commented 5 years ago

Hi there,

I installed qTranslate-XT on WordPress 5.1.1 and got the following warning from Vulnerable Plugin Checker:

qTranslate-XT has a known vulnerability that may be affecting this version. Please update this plugin.

qTranslate 2.5.34 - Setting Manipulation CSRF
qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)

herrvigg commented 5 years ago

@discus2013 what do these two versions (2.5.34 and 2.5.39) correspond to? This looks like a plugin checking all releases (from github or wordpress?). But qTranslate-XT is currently in version 3.6.0 so these warnings should be obsolete. Otherwise I don't understand what it is about.

digitao168 commented 5 years ago

@discus2013 what do these two versions (2.5.34 and 2.5.39) correspond to? This looks like a plugin checking all releases (from github or wordpress?). But qTranslate-XT is currently in version 3.6.0 so these warnings should be obsolete. Otherwise I don't understand what it is about.

Any chance qTranslate-XT 3.6.0 is still using some part of qTranslate 2.5.34 or 2.5.39 which caused this warning?

herrvigg commented 5 years ago

@discus2013 I tried Vulnerable Plugin Checker. It actually uses data from WPScan, found here: https://wpvulndb.com/search?utf8=%E2%9C%93&text=qtranslate&vuln_type=

Interesting. I still don't know how this relates precisely to qTranslate-XT or if it's obsolete but it's something we should look at. One problem now is that we don't have any official repo at Wordpress.com so I guess WPScan cannot do its work on qTranslate-XT. But this problem should disappear once we have migrated to the new repo.
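The point under discussion is whether the installed version (3.6.0) actually falls inside the affected ranges quoted in the warning (2.5.34 and <= 2.5.39), or whether the checker is just matching on the plugin name. The following script is an added example, not code from the qTranslate-XT project, from Vulnerable Plugin Checker or from WPScan: it contrasts a name-only match with a proper version-range check. The two database entries are constructed from the warning titles shown in the thread; treating each quoted version as the upper bound of the affected range, and treating the `qtranslate` slug as the key the checker matches on, are assumptions made for the example.

```python
"""
Added example (not part of the qTranslate-XT project or of this thread):
compare an installed plugin version against known-vulnerable version
ranges, the check a plugin scanner must do before raising a warning.
"""
import re

# Constructed sample data, modelled on the two warning titles quoted in
# the thread. "affected_max" is an assumption for the example: the thread
# shows only the titles "qTranslate 2.5.34 - ..." and "qTranslate <= 2.5.39 - ...".
SAMPLE_DB = [
    {"slug": "qtranslate", "title": "Setting Manipulation CSRF", "affected_max": "2.5.34"},
    {"slug": "qtranslate", "title": "Cross-Site Scripting (XSS)", "affected_max": "2.5.39"},
]


def parse_version(version):
    """Turn '2.5.39' or '3.6.0-beta1' into a comparable tuple of ints.

    A non-numeric suffix is dropped, so '3.6.0-beta1' sorts like 3.6.0;
    missing components are padded with zero, so '3.6' equals '3.6.0'.
    """
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def matches_by_name(slug, db):
    """Naive check: flag every entry whose slug matches, regardless of version."""
    return [e["title"] for e in db if e["slug"] == slug]


def matches_by_version(slug, installed, db):
    """Version-aware check: flag only entries whose range still covers 'installed'."""
    v = parse_version(installed)
    return [
        e["title"]
        for e in db
        if e["slug"] == slug and v <= parse_version(e["affected_max"])
    ]


if __name__ == "__main__":
    # A name-only match reproduces the warning seen in the thread; a
    # version-aware match clears 3.6.0 but still flags an old 2.5.x install.
    print("name only       :", matches_by_name("qtranslate", SAMPLE_DB))
    print("3.6.0 by version:", matches_by_version("qtranslate", "3.6.0", SAMPLE_DB))
    print("2.5.36 by version:", matches_by_version("qtranslate", "2.5.36", SAMPLE_DB))
```

If a scanner reports both entries for 3.6.0, it is behaving like `matches_by_name`: the slug matched but the version bound was never consulted (or the fork's version numbering is not what the database expects). That is the distinction to confirm before treating the warning as a real finding.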

herrvigg commented 5 years ago

The XSS warning could be related to https://github.com/qtranslate/qtranslate-xt/issues/639. For validation it would be good if we could perform a manual WPScan out of the official repos.