Smartcat Translator for WPML Missing Authorization Vulnerability in WordPress REST API Endpoint

Vulnerability

A vulnerability exists in the Smartcat Translator for WPML WordPress plugin, in all versions up to and including 3.1.77. The issue arises from a lack of proper capability checks on the 'routeData' REST endpoint, allowing unauthorized users to modify plugin settings. Specifically, unauthenticated attackers can overwrite the Smartcat API credentials stored by the plugin, including the account ID, API secret key, hub key, API host, and hub host. This could lead to unauthorized access to the translation service or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability allows unauthorized modification of plugin settings, specifically the Smartcat API credentials. An attacker could use this to hijack the translation service or cause a denial-of-service condition.

Remediation

Users are advised to update the Smartcat Translator for WPML plugin to version 3.1.78 or later.
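
For plugin developers reviewing their own settings routes, the following added example (not the Smartcat plugin's code and not taken from its patch) shows a WordPress REST route that writes stored credentials, with the unguarded registration commented out beside a form that enforces a capability check. The namespace, route, option key, field names and host allowlist are hypothetical placeholders, and the code assumes it is loaded as part of a WordPress plugin.

```php
<?php
// Constructed example. The namespace, route, option key, field names and
// host allowlist are hypothetical, not the Smartcat plugin's identifiers.

add_action( 'rest_api_init', function () {
    // Weak form, for contrast: any visitor who can reach /wp-json/ may write.
    // register_rest_route( 'example-plugin/v1', '/settings', array(
    //     'methods'             => 'POST',
    //     'callback'            => 'example_save_credentials',
    //     'permission_callback' => '__return_true',
    // ) );

    // Hardened form: the capability is checked before the callback runs.
    register_rest_route( 'example-plugin/v1', '/settings', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_save_credentials',
        'permission_callback' => 'example_can_manage_settings',
        'args'                => array(
            'account_id' => array( 'type' => 'string', 'required' => true, 'sanitize_callback' => 'sanitize_text_field' ),
            'api_secret' => array( 'type' => 'string', 'required' => true, 'sanitize_callback' => 'sanitize_text_field' ),
            'api_host'   => array( 'type' => 'string', 'required' => true, 'validate_callback' => 'example_is_allowed_host' ),
        ),
    ) );
} );

// Only administrators may change stored credentials; 401 or 403 otherwise.
function example_can_manage_settings() {
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    return new WP_Error( 'rest_forbidden', 'Insufficient permissions.',
        array( 'status' => rest_authorization_required_code() ) );
}

// Assumed extra control: accept only known service hosts, so a stored
// credential set cannot be pointed at an arbitrary server.
function example_is_allowed_host( $value ) {
    $allowed = array( 'api.example.test', 'api-eu.example.test' ); // placeholders
    return is_string( $value ) && in_array( strtolower( $value ), $allowed, true );
}

function example_save_credentials( WP_REST_Request $request ) {
    update_option( 'example_plugin_credentials', array(
        'account_id' => $request['account_id'],
        'api_secret' => $request['api_secret'],
        'api_host'   => $request['api_host'],
    ), false ); // false: do not autoload secrets on every page load
    return rest_ensure_response( array( 'saved' => true ) );
}
```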

Added: May 15, 2026, 12:52 PM
Updated: May 15, 2026, 12:52 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.1
remediation: 0.0
relevance: 8.4
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.