PatchSiren cyber security CVE debrief
CVE-2026-49776 JExtensions Store CVE debrief
CVE-2026-49776 is a critical vulnerability in the GPTranslate – Multilingual AI Translation for WordPress plugin, affecting versions up to and including 2.32.6. The vulnerability is an unauthenticated SQL injection, which has been rated with a CVSS score of 9.3 and a severity of CRITICAL. This vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
- Vendor
- JExtensions Store
- Product
- GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of the GPTranslate – Multilingual AI Translation for WordPress plugin, particularly those using versions <= 2.32.6, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an unauthenticated SQL injection in the GPTranslate – Multilingual AI Translation for WordPress plugin. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Update to a patched version of the GPTranslate – Multilingual AI Translation for WordPress plugin (if available).
- Refer to [ref-4] for mitigation or vendor reference.
Evidence notes
The vendor of the affected product is currently listed as Unknown Vendor. The canonical source of this vulnerability is reference_domain_weak with low confidence, and one of the evidence is from Patchstack.
Official resources
-
CVE-2026-49776 CVE record
CVE.org
-
CVE-2026-49776 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-49776 was published on 2026-06-15T21:17:22.407Z and last modified on 2026-06-15T21:24:32.790Z.