CVE-2026-4683
The CVE concerns the Smartcat Translator for WPML plugin for WordPress. A missing capability check on the REST endpoint routeData allows unauthenticated modification of data in all versions up to and including 3.1.77. This enables attackers to overwrite the plugin’s Smartcat API credentials (acco...