WordPress Smartcat Translator for WPML plugin <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by Alexis Lafontaine in WordPress Plugin Smartcat Translator for WPML versions = 3.1.77...

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

CVE-2026-4683 Smartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

WordPress plugin Smartcat Translator for WPML 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2025-27646

Malicious code in bioql PyPI...

CVE-2025-9451

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-9451

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-9451

The CVE relates to the WordPress plugin Smartcat Translator for WPML. It describes a time-based SQL injection via the orderby parameter in all versions up to 3.1.69, caused by insufficient escaping of user input and inadequate preparation of the SQL query. The vulnerability requires authenticatio...

CVE-2025-9451 Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress Smartcat Translator for WPML plugin <= 3.1.72 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Smartcat Translator for WPML versions = 3.1.72...

PT-2025-37143

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.69 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress plugin Smartcat Translator for WPML SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...