Support » Plugin: Global Translator » Xss attack found in Global Translator 1.3.2

Viewing 10 replies - 1 through 10 (of 10 total)
  • We ppl don’t develop that plugin. Nor do we control what is listed in the Plugin Directory. If you have found a serious issue with a plugin, please email However, I think this issue was reported a few days ago.

    well i sent an e-mail to the maker of this plugin
    & gave him the url to this post.
    we will w8 & see
    but if anyone knows how to go about fixing this
    i’d sure like to know.


    I have looked through the code of the Global Translator plugin and cannot find anywhere that would have generated that code that you posted.

    Global Translator does use cached files, which could have been compromised. It looks like wp-content/gt-cache and wp-content/plugins/global-translator/cache may contain the cache files. I am not sure if there is a way to clear the cache using the plugin, but you could try searching the files within those directories for that code.

    Another point of interest is that we haven’t seen any other reports about malicious code from this plugin and it is pretty popular.

    If you could post a link to a page/post where we could see this code, or perhaps post the code in between backticks as described below the post box here in the forums, we could see the code a little better without having the html interpreted by the browser. As it stands now I cannot see how what you posted is considered a “XSS attack”.

    It would also be best if you didn’t censor the code as it does not provide us with much to search on.

    Also keep in mind that the plugin itself could have been compromised and modified, try deleting the plugin and reinstalling it.
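
    The cache search suggested in the reply above, written out as an added example. It is not part of the thread and is not the plugin's code. The two directory names come from the reply; the patterns, state labels and sample files are constructed for illustration. It reports where the quote-breakout string discussed in this thread sits in a cached file, and whether that copy is raw or HTML-escaped.

```python
import os
import re
import tempfile

# Cache locations named in the thread, relative to the WordPress root.
CACHE_DIRS = ("wp-content/gt-cache", "wp-content/plugins/global-translator/cache")

# Single quote + double quote (straight or typographic) closing an attribute,
# then ">" and a script tag: the shape of the test string posted in this thread.
LIVE = re.compile(r"""['\u2018\u2019]["\u201c\u201d]\s*>\s*<script\b""", re.I)
# The same shape after HTML escaping: it renders as text and does not execute.
ESCAPED = re.compile(r"(?:&#0?39;|&#x27;|&apos;)(?:&quot;|&#34;)\s*&gt;\s*&lt;script\b", re.I)


def scan_cache(wp_root, cache_dirs=CACHE_DIRS):
    """Return sorted (relative_path, line_number, state) tuples for every hit."""
    hits = []
    for rel in cache_dirs:
        for folder, _dirs, files in os.walk(os.path.join(wp_root, rel)):
            for name in files:
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if LIVE.search(line):
                            state = "live"
                        elif ESCAPED.search(line):
                            state = "escaped"
                        else:
                            continue
                        hits.append((os.path.relpath(path, wp_root), lineno, state))
    return sorted(hits)


def demo():
    """Build a constructed cache tree in a temp dir and scan it."""
    samples = {  # constructed sample cache files, not taken from a real site
        "wp-content/gt-cache/ja/clean": '<a href="/?gtlang=ja">JA</a>\n<script src="/a.js"></script>\n',
        "wp-content/gt-cache/ja/poisoned": '<p>ok</p>\n<input value="x\'"><script>alert(1)</script>">\n',
        "wp-content/plugins/global-translator/cache/safe": '<input value="x&#039;&quot;&gt;&lt;script&gt;alert(1)">\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_cache(root)
```

    A "live" hit means the cached copy would be served with the string unescaped and should be deleted and regenerated; no hits in the cache means the string is not stored there, which says nothing about whether a request can still reflect it.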

    ok I’m not going to post a [moronic expletive deleted] url to my site on here that has to do with an XSS attack but if you give me your e-mail I will give them to you.
    I have bad ppl who would love more than nothing to know about all this that’s y I’m trying to keep this somewhat on the DL.

    I am 100% sure that this hole is in this plugin
    I turned off everything
    & the hole went bye bye
    I would turn on just one of my plugins then test for the XSS
    then turn it off & go to the next one
    until I got to global-translator then it hit & I was like
    I love this plugin & wish it would have been any of my other plugins

    as for the gt-cache
    that only gets called up when you use /?gtlang=
    so by having the ja aka Japanese at the end of /?gtlang= the global-translator will look into the gt-cache to see if there is a translation for that page in Japanese
    without the ?gtlang= you’re not pulling from the gt-cache.

    & yes there are 2 ways to clear the gt-cache
    the easy way is to ftp to your server & delete them or edit global-translator & remove a commented line for a button to show up in the wp-admin controls for GT to clear the gt-cache.
    y the maker has it commented out along with some other things I don’t know.

    Moderator James Huff


    Volunteer Moderator 🚀

    Just a thought, but have you tried deleting and reinstalling the plugin and clearing the cache?

    did that & it did not change anything….
    it’s ok guys we will just have to w8 for the maker to get off his butt

    I kind of get the feeling that you ppl think I’m imagining this
    so I did an inurl:gtlang looking for someone running GT
    I found some other wordpress sites that have global-translator
    & the same XSS works on this site `'"><script>alert(1)</script>`
    and all of them `'"><script>alert(1)</script>` `'"><script>alert(1)</script>` `'"><script>alert(1)</script>`
    & that’s just the top of the list
    so we really need to find some way to fix this so we can help all of the many wordpress bloggers out there on the net running GT

    Moderator James Huff


    Volunteer Moderator 🚀

    Have you considered the possibility that the developer just doesn’t monitor the forums over here? The following is from the plugin’s page on the developer’s site:

    Bug submission is an important aspect of many Open Source projects, and submitting bugs correctly increases the chances of the developer finding and fixing any problems that may arise.
    If you want to submit bug issues, please use the Contact form and remember to specify the following information:
    – the version of the plugin you’re using
    – a full description of the problem (and the error message if available)

    oh he knows all about it now
    I have been in talks with him over e-mail
    the hard part is I’m in the US & he is in IT

    just an update on what’s going on
    we now know that this one `'"><script>alert(1)</script>`
    has nothing to do with GT

    but the others do!!!
    any one of the XSS’s here will work on the sites listed
    reposting this with the tags that apply to the GT matter at hand. `'"><script>alert(1)</script>` `'"><script>alert(1)</script>` `'"><script>alert(1)</script>`

  • The topic ‘Xss attack found in Global Translator 1.3.2’ is closed to new replies.