Vulnerabilities and security researches formy-wp-translate my-wp-translate

Apr 25, 2026

CVE, Research URL: CVE-2025-8423
Home page URL: Security reports for My WP Translate
Application: My WP Translate
Date: Sep 11, 2025
Research Description: The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtswpt_remove_plugin() and ajax_update_export_code() functions in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and delete arbitrary WordPress options which can cause a denial of service.
Affected versions: max 1.1.
Status: vulnerable

Oct 11, 2025

CVE, Research URL: CVE-2025-8425
Home page URL: Security reports for My WP Translate
Application: My WP Translate
Date: Sep 11, 2025
Research Description: The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_import_strings() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Affected versions: max 1.1.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2017-18569
Home page URL: Security reports for My WP Translate
Application: My WP Translate
Date: Aug 20, 2019
Research Description: The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
Affected versions: max 1.0.4.
Status: vulnerable

CVE, Research URL: CVE-2017-18568
Home page URL: Security reports for My WP Translate
Application: My WP Translate
Date: Aug 20, 2019
Research Description: The my-wp-translate plugin before 1.0.4 for WordPress has XSS.
Affected versions: max 1.0.4.
Status: vulnerable