HIGH
john-dagelmore
CVE published 2026-06-13
CVE-2026-9109
The GPTranslate – Multilingual AI Translation for WordPress plugin is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage. This vulnerability affects all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute when a user accesses an injected page. The [truncated]