PT-2026-41272 · WordPress · Smartcat Translator For Wpml
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Smartcat Translator for WPML versions prior to 3.1.78
Description
The plugin is subject to unauthorized data modification because of a missing capability check on the 'routeData' REST endpoint. This flaw allows unauthenticated attackers to overwrite API credentials, including
account ID, API secret key, hub key, API host, and hub host. Such an action can lead to the hijacking of the translation service or a denial of service.Recommendations
Update to a version later than 3.1.77.
As a temporary workaround, restrict access to the 'routeData' REST endpoint to minimize the risk of exploitation.
Fix
DoS
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smartcat Translator For Wpml