CVE-2025-9451 Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter

The Smartcat Translator for WPML plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 3.1.72 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

WordPress Smartcat Translator for WPML plugin <= 3.1.72 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Smartcat Translator for WPML versions = 3.1.72...