CVE-2026-9109: GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage
The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The deterministically derived API key (sha256 of the site URL) is printed in the HTML source of every page via the JavaScript variable gptApiKey, meaning any unauthenticated visitor can retrieve the key and submit malicious translation payloads to the /wp-json/gptranslate/v1/request endpoint without any additional precondition.
Metrics
- CVSS v3.1: 7.2
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
Stored cross-site scripting (XSS) in the GPTranslate WordPress plugin (versions up to and including 2.31) allows any unauthenticated attacker to inject malicious JavaScript into translated page content via the plugin's REST API endpoint. The API key used to authenticate translation requests is derived deterministically from the site URL (SHA-256 hash) and is exposed in every page's HTML source, meaning any visitor can retrieve it and submit poisoned payloads without any additional precondition. Successful exploitation causes injected scripts to execute in the browsers of any user who views an affected page, enabling session theft, credential harvesting, and unauthorized actions on behalf of the victim. No fix version has been published; HarborGuard is tracking the advisory for patch availability.
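As an added illustration for this advisory (not GPTranslate's code; every route, option, header and function name below is hypothetical), the storage-and-render pattern the synopsis describes, next to a hardened version: the key is random and kept server-side instead of being derived from the site URL, the stored text is filtered with wp_kses_post on the way in, and it is escaped again when rendered.

```php
<?php
/**
 * Added illustration (not GPTranslate's code) of the stored-XSS pattern the
 * advisory describes, beside a hardened version. Route, option and header
 * names are hypothetical.
 */

// --- Weak pattern: deterministic key, raw storage, unescaped output ---------

function demo_weak_api_key() {
    // Anyone who knows the public site URL can recompute this value.
    return hash( 'sha256', home_url() );
}

function demo_weak_store( WP_REST_Request $request ) {
    if ( $request->get_header( 'x-api-key' ) !== demo_weak_api_key() ) {
        return new WP_Error( 'forbidden', 'bad key', array( 'status' => 403 ) );
    }
    // Stored verbatim: <script> tags and event-handler attributes survive.
    $translations = get_option( 'demo_translations', array() );
    $translations[ $request->get_param( 'key' ) ] = $request->get_param( 'text' );
    update_option( 'demo_translations', $translations );
    return rest_ensure_response( array( 'ok' => true ) );
}

function demo_weak_render( $key ) {
    $translations = get_option( 'demo_translations', array() );
    echo $translations[ $key ] ?? ''; // unescaped: a stored payload runs in every visitor's browser
}

// --- Hardened pattern -------------------------------------------------------

function demo_secure_api_key() {
    // Random secret generated once, stored server-side, never printed into page HTML.
    $key = get_option( 'demo_api_key' );
    if ( ! $key ) {
        $key = bin2hex( random_bytes( 32 ) );
        update_option( 'demo_api_key', $key, false );
    }
    return $key;
}

function demo_secure_permission( WP_REST_Request $request ) {
    $provided = (string) $request->get_header( 'x-api-key' );
    // Constant-time comparison; an administrator capability is accepted as an alternative gate.
    return hash_equals( demo_secure_api_key(), $provided ) || current_user_can( 'manage_options' );
}

function demo_secure_store( WP_REST_Request $request ) {
    $translations = get_option( 'demo_translations', array() );
    // Normalise the lookup key and strip everything but post-safe markup from the text.
    $slug                  = sanitize_key( $request->get_param( 'key' ) );
    $translations[ $slug ] = wp_kses_post( (string) $request->get_param( 'text' ) );
    update_option( 'demo_translations', $translations );
    return rest_ensure_response( array( 'ok' => true ) );
}

function demo_secure_render( $key ) {
    $translations = get_option( 'demo_translations', array() );
    // Escape at output too: whatever is in the database is untrusted regardless of input filtering.
    echo wp_kses_post( $translations[ sanitize_key( $key ) ] ?? '' );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/translation', array(
        'methods'             => 'POST',
        'callback'            => 'demo_secure_store',
        'permission_callback' => 'demo_secure_permission',
        'args'                => array(
            'key'  => array( 'required' => true, 'type' => 'string' ),
            'text' => array( 'required' => true, 'type' => 'string' ),
        ),
    ) );
} );
```

If translations are plain strings rather than markup, esc_html() at render time is the tighter choice than wp_kses_post(); the point that carries over either way is that an endpoint whose credential is computable from public data has no real authentication, so the stored content must be treated as attacker-controlled at both the input and output boundaries.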
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images containing the GPTranslate plugin, including custom-built WordPress images. Any image found running GPTranslate at or below version 2.31 is flagged in the registry and pipeline scan results.
Status: Available
HarborGuard surfaces this CVE with its CVSS v3.1 score of 7.2 (HIGH) and applies per-environment compliance policy weighting to determine priority, routing findings to the appropriate team inbox within each customer organization. The scope-changed vector (S:C) is reflected in the triage context, signaling that impact extends beyond the vulnerable component to the browsers of site visitors.
Status: Available
Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment the upstream maintainer ships a remediated release. For customers who opt into auto-remediation, the rebuild, regression run, and PR against affected workloads will be triggered automatically at that point.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
The attacker must be able to reach the WordPress site's REST API over the network; the /wp-json/gptranslate/v1/request endpoint must be publicly or network-accessible.
- Authentication: Not required
No account or credentials are needed: the API key is derived from the public site URL and printed in every page's HTML source, making it retrievable by any visitor.
- Victim interaction: Not required
No victim interaction is required to trigger the injected payload; the script executes automatically whenever any user loads a page that contains the stored malicious translation.
- Attack complexity: Detail
Exploit conditions are straightforward and reliable: the API key derivation is deterministic and the injection endpoint imposes no additional environmental requirements or race conditions.
Blast Radius
- Injected JavaScript executes in victim browsers and can read session cookies and authentication tokens, allowing an attacker to hijack active WordPress sessions.
- An attacker can silently capture form input including passwords and payment details entered on any affected page.
- Injected scripts can perform authenticated actions on behalf of logged-in users, including publishing content, changing account settings, or escalating privileges if an administrator visits a poisoned page.
- The stored payload persists across all users who view the affected translated content, meaning a single injection attempt can affect a large number of visitors over time.
How HarborGuard Handles This
Available on HarborGuard: scanning detects any image containing GPTranslate at or below version 2.31 and flags the finding at HIGH severity with the scope-changed context noted. Because no upstream patch exists at this time, HarborGuard re-evaluates the advisory on every ingest cycle. In the interim, compensating controls available for review within HarborGuard findings include network-policy isolation that restricts external access to the WordPress REST API, egress filtering to limit what injected scripts can reach, and disabling the GPTranslate translation-storage endpoint via a server-level routing rule or plugin-level feature flag until a patched release is available. For customers who opt into auto-remediation, a rebuilt image, regression test run, and PR against affected workloads will be generated automatically the moment an upstream fix version is published.
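One way to apply the interim control named above, disabling the translation-storage endpoint at the plugin level, is a must-use plugin that refuses the route during REST dispatch. This is an added example, not GPTranslate's or HarborGuard's code; the route prefix is the one the advisory names, the error code string and log line format are constructed choices, and the optional administrator bypass is an assumption about how a site might still need the feature while the block is in place.

```php
<?php
/**
 * Plugin Name: Temporarily block the GPTranslate translation-storage endpoint
 * Added example for CVE-2026-9109 (not GPTranslate's or HarborGuard's code).
 * Place in wp-content/mu-plugins/ so it loads before regular plugins; remove
 * once a patched GPTranslate release is installed.
 */

// Route named in the advisory. Extend the list if further write routes are identified.
function cve_2026_9109_blocked_route_prefixes() {
    return array( '/gptranslate/v1/request' );
}

// Returns true when the route should be refused for this request.
function cve_2026_9109_should_block( $route, $is_admin_user ) {
    // Assumption: administrators may still need the feature; set to false to block everyone.
    $allow_admins = false;
    if ( $allow_admins && $is_admin_user ) {
        return false;
    }
    foreach ( cve_2026_9109_blocked_route_prefixes() as $prefix ) {
        if ( 0 === strpos( $route, $prefix ) ) {
            return true;
        }
    }
    return false;
}

// rest_pre_dispatch runs before the route callback; returning a non-null value short-circuits it.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    $route = $request->get_route();
    if ( ! cve_2026_9109_should_block( $route, current_user_can( 'manage_options' ) ) ) {
        return $result;
    }
    // Leave a trace for detection: blocked attempts against this route are worth alerting on.
    error_log( sprintf(
        'CVE-2026-9109 block: refused %s %s from %s',
        $request->get_method(),
        $route,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );
    return new WP_Error(
        'rest_route_disabled',
        'This endpoint is disabled pending a security update.',
        array( 'status' => 403 )
    );
}, 10, 3 );
```

Because the filter runs inside WordPress, it also catches requests that reach the REST API through index.php?rest_route=... rather than the /wp-json/ prefix, which a web-server location rule matching only /wp-json/gptranslate/ would miss. Stored translations that were injected before the block went in are not cleaned up by this; those need to be reviewed and removed separately.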
- john-dagelmore / GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites (≤ 2.31)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N