PT-2026-41272 · WordPress · Smartcat Translator For Wpml

·

CVE-2026-4683

·

Published

2026-05-15

·

Updated

2026-05-15

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions Smartcat Translator for WPML versions prior to 3.1.78
Description The plugin is subject to unauthorized data modification because of a missing capability check on the 'routeData' REST endpoint. This flaw allows unauthenticated attackers to overwrite API credentials, including account ID, API secret key, hub key, API host, and hub host. Such an action can lead to the hijacking of the translation service or a denial of service.
Recommendations Update to a version later than 3.1.77. As a temporary workaround, restrict access to the 'routeData' REST endpoint to minimize the risk of exploitation.

Fix

DoS

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-4683

Affected Products

Smartcat Translator For Wpml