
GTranslate < 2.8.52 - Unauthenticated Reflected Cross Site Scripting (XSS)

Description

The GTranslate plugin for WordPress before 2.8.52 was vulnerable to unauthenticated reflected XSS via a crafted link. Exploitation requires the hreflang tags feature to be in use within a paid sub-domain or sub-directory option.

The vulnerability was caused by outputting the return value of the WordPress add_query_arg function without escaping it first.
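The pattern described above, shown next to its escaped form. This is an added example, not GTranslate's code: the plugin header, the `demo_*` function names, the `DEMO_LANGS` list and the `lang` query parameter are all hypothetical, and the file assumes it is loaded by WordPress as a plugin.

```php
<?php
/**
 * Plugin Name: Hreflang escaping demo (added example, hypothetical)
 */

// Constructed language list; the real plugin's configuration is not shown on this page.
const DEMO_LANGS = array( 'en', 'fr', 'de' );

/**
 * Build the alternate URL for one language from the current request.
 * Called without a URL argument, add_query_arg() starts from
 * $_SERVER['REQUEST_URI'], so the result carries whatever path and
 * query string the visitor requested. Its return value is not escaped.
 */
function demo_alternate_url( $lang ) {
    return add_query_arg( 'lang', $lang );
}

// Vulnerable form: the request-derived URL is written into the href
// attribute as is, so a quote or angle bracket in it reaches the HTML.
function demo_hreflang_vulnerable() {
    foreach ( DEMO_LANGS as $lang ) {
        echo '<link rel="alternate" hreflang="' . $lang . '" href="'
            . demo_alternate_url( $lang ) . '" />' . "\n";
    }
}

// Escaped form: esc_url() is applied at the point of output (late
// escaping), and esc_attr() covers the language code as well.
function demo_hreflang_escaped() {
    foreach ( DEMO_LANGS as $lang ) {
        printf(
            '<link rel="alternate" hreflang="%s" href="%s" />' . "\n",
            esc_attr( $lang ),
            esc_url( demo_alternate_url( $lang ) )
        );
    }
}

// Only the escaped variant is hooked into the page head.
add_action( 'wp_head', 'demo_hreflang_escaped' );
```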

Proof of Concept

http://www.example.com/does_not_exist"><script>alert('XSS')</script><img src=x 