Platform: wordpress
Component: quran-translations-by-edc
Fixed in: 1.7.1
CVE-2026-4141 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Quran Translations plugin for WordPress. This vulnerability allows unauthenticated attackers to modify plugin settings, potentially altering the display of features like PDF, RSS, and media player links. The issue impacts versions of the plugin up to and including 1.7, and a fix is available in subsequent releases.
An attacker exploiting this CSRF vulnerability can manipulate the Quran Translations plugin's configuration without authentication. This includes toggling display options for PDF, RSS, podcast, and media player links. While the direct impact might seem limited, successful modification of these settings could lead to unexpected behavior, potentially impacting user experience or even introducing further vulnerabilities if the altered settings expose sensitive information or create attack vectors. The lack of proper nonce validation on the settings-save handler makes the plugin susceptible to forged requests submitted by a victim's browser on an attacker's behalf.
CVE-2026-4141 was publicly disclosed on 2026-04-07. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog at the time of this writing. The relatively low CVSS score suggests a lower probability of widespread exploitation, but the ease of exploitation (no authentication required) warrants attention.
WordPress websites utilizing the Quran Translations plugin, particularly those running versions 1.7 or earlier, are at risk. Shared hosting environments where plugin updates are not consistently managed are also at increased risk, as are sites with weak access controls to the WordPress admin panel.
Detection (wordpress / composer / npm):
grep -r 'quran_playlist_options' /var/www/html/wp-content/plugins/
wp plugin list --status=inactive | grep quran-translations
wp plugin list | grep quran-translations

Disclosure
Exploit status:
EPSS: 0.01% (3rd percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-4141 is to upgrade the Quran Translations plugin to a version that includes the necessary nonce validation fixes. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out suspicious POST requests to the plugin's settings page. Specifically, look for requests lacking a valid WordPress nonce (a `_wpnonce`-style form field for classic admin forms, or an `X-WP-Nonce` header for REST requests). Regularly review plugin settings for any unauthorized modifications. After upgrading, confirm the fix by attempting to submit a crafted CSRF request to the plugin's settings page; it should be rejected.
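The description above attributes the vulnerability to a settings handler that accepts POST data without nonce validation, and the mitigation is a release that adds that validation. The following PHP is an added illustration of that defect and its fix, written for this page; it is not the Quran Translations plugin's own code, and every `example_`-prefixed function, option and nonce name is hypothetical. The vulnerable handler saves whatever arrives in `$_POST`; the hardened handler requires both a capability and a nonce issued by WordPress for this specific action, and the form renders the matching nonce field so legitimate saves still work.

```php
<?php
// Added illustrative example (not the plugin's real code). All names prefixed
// "example_" are hypothetical. Intended to run inside WordPress, where
// current_user_can(), check_admin_referer(), wp_nonce_field(), update_option()
// and friends are defined.

// --- Vulnerable pattern: the shape of defect described in the advisory ---
// Runs on every admin request. There is no nonce check and no capability
// check, so a POST that a logged-in admin's browser is tricked into sending
// from a third-party page is accepted exactly like a real form submission.
function example_save_display_options_vulnerable() {
    if ( ! isset( $_POST['example_display_options'] ) ) {
        return;
    }
    $raw  = (array) $_POST['example_display_options'];
    $opts = array(
        'show_pdf'    => ! empty( $raw['show_pdf'] ),
        'show_rss'    => ! empty( $raw['show_rss'] ),
        'show_player' => ! empty( $raw['show_player'] ),
    );
    update_option( 'example_display_options', $opts );
}

// --- Hardened pattern: capability check plus nonce check ---
function example_save_display_options_hardened() {
    if ( ! isset( $_POST['example_display_options'] ) ) {
        return;
    }

    // 1. Authorisation: only users who may manage options can change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. CSRF protection: the request must carry a nonce that WordPress issued
    //    to this user for this action. check_admin_referer() looks for the
    //    field named in its second argument and calls wp_die() on failure,
    //    so a forged cross-site POST never reaches update_option().
    check_admin_referer( 'example_save_display_options', 'example_nonce' );

    $raw  = (array) $_POST['example_display_options'];
    $opts = array(
        'show_pdf'    => ! empty( $raw['show_pdf'] ),
        'show_rss'    => ! empty( $raw['show_rss'] ),
        'show_player' => ! empty( $raw['show_player'] ),
    );
    update_option( 'example_display_options', $opts );
}
add_action( 'admin_init', 'example_save_display_options_hardened' );

// Settings form. wp_nonce_field() emits the hidden "example_nonce" input that
// the hardened handler verifies; its action string must match exactly.
function example_render_settings_form() {
    $opts = get_option( 'example_display_options', array() );
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'example_save_display_options', 'example_nonce' ); ?>
        <p><label>
            <input type="checkbox" name="example_display_options[show_pdf]" value="1"
                   <?php checked( ! empty( $opts['show_pdf'] ) ); ?>>
            Show PDF links
        </label></p>
        <p><label>
            <input type="checkbox" name="example_display_options[show_rss]" value="1"
                   <?php checked( ! empty( $opts['show_rss'] ) ); ?>>
            Show RSS links
        </label></p>
        <p><label>
            <input type="checkbox" name="example_display_options[show_player]" value="1"
                   <?php checked( ! empty( $opts['show_player'] ) ); ?>>
            Show media player
        </label></p>
        <?php submit_button(); ?>
    </form>
    <?php
}
```

Two points worth noting when reviewing a plugin for this class of bug. First, a capability check alone is not enough: the victim of a CSRF attack is a logged-in administrator, so `current_user_can()` passes; only the nonce ties the request to a form the user actually loaded. Second, plugins that register their options through the Settings API (`register_setting()` with a form posting to `options.php`) get the nonce and capability checks from WordPress core, which is the simplest way to avoid hand-rolling a handler like the one above.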
No known patch available. Please review the vulnerability details carefully and implement protective measures based on your organization's risk appetite. It may be best to uninstall the affected software and find a replacement.
CVE-2026-4141 is a Cross-Site Request Forgery vulnerability in the Quran Translations WordPress plugin, allowing attackers to modify settings without authentication in versions up to 1.7.
You are affected if your WordPress site uses the Quran Translations plugin version 1.7 or earlier. Upgrade to a patched version to resolve the issue.
Upgrade the Quran Translations plugin to a version newer than 1.7. Consider WAF rules and restricted access to the settings page as temporary mitigations.
There is currently no evidence of active exploitation campaigns targeting CVE-2026-4141.
Check the official Quran Translations plugin page on WordPress.org for updates and security advisories.