WordPress · Gtranslate · CVE-2026-9109
**Name of the Vulnerable Software and Affected Versions**
GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32
**Description**
Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting. Attackers can retrieve a deterministically derived API key from the `gptApiKey` JavaScript variable in the HTML source of any page. This key allows the submission of malicious translation payloads to the `/wp-json/gptranslate/v1/request` endpoint, resulting in the execution of arbitrary web scripts when a user accesses an affected page.
**Recommendations**
Update to a version later than 2.31.
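
For a site that ran a version prior to 2.32, the web server access log can show whether the endpoint named in the description was called. The script below is an added example, not part of the advisory or the plugin's code. It assumes Combined Log Format, uses hypothetical function names and constructed sample lines, and matches every HTTP method because the advisory does not state one; it also covers WordPress's `?rest_route=` form of addressing the same REST route.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/gptranslate/v1/request"  # REST route named in the advisory

# Assumed log layout: Combined Log Format (ip - user [time] "METHOD target PROTO" status ...)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def hits_route(target):
    """True if a request target addresses ROUTE in either WordPress form."""
    parts = urlsplit(target)
    # Pretty-permalink form: .../wp-json/<route>, percent-decoded, any subdirectory.
    path = unquote(parts.path).rstrip("/").lower()
    if path.endswith("/wp-json" + ROUTE):
        return True
    # Plain-permalink form: ?rest_route=/<route> (parse_qs percent-decodes the value).
    values = parse_qs(parts.query).get("rest_route", [])
    return any(v.rstrip("/").lower() == ROUTE for v in values)


def find_requests(lines):
    """Return (ip, time, method, status, target) for every line that hits ROUTE."""
    found = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and hits_route(m["target"]):
            found.append((m["ip"], m["time"], m["method"], int(m["status"]), m["target"]))
    return found


def summarize(found):
    """Count 2xx requests per client IP, the ones to review first."""
    return Counter(ip for ip, _, _, status, _ in found if 200 <= status < 300)


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2026:10:01:02 +0000] "POST /wp-json/gptranslate/v1/request HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Mar/2026:10:01:05 +0000] "POST /index.php?rest_route=%2Fgptranslate%2Fv1%2Frequest HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '198.51.100.20 - - [12/Mar/2026:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2026:10:03:00 +0000] "POST /blog/wp-json/gptranslate/v1/request/ HTTP/1.1" 403 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(find_requests(SAMPLE)))
```

A match shows only that the route was requested; the timestamps it returns bound the window in which stored translations should be reviewed for injected markup.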