cleantalk
Vulnerabilities and Security Researches

Smartcat Integration for WPML, CVE-2026-4683

CVE, Research URL

CVE-2026-4683

Home page URL

Security reports for Smartcat Integration for WPML

Application

Smartcat Integration for WPML

Published on
May 15, 2026
Research Description
The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's Smartcat API credentials (account ID, API secret key, hub key, API host, and hub host), effectively hijacking the translation service or causing a denial of service.
Affected versions
max 3.1.78.
Status
vulnerable
Previous vulnerability researches
Snow Monkey Forms (CVE-2023-28408) , Jun 07, 2024
Snow Monkey Forms (178f7c4537e05e28f7bac32eb5c8627713aafc4e) , Jun 07, 2024
Snow Monkey Forms (CVE-2023-28413) , Jun 07, 2024
Snow Monkey Forms (CVE-2023-32623) , Jun 07, 2024
Snow Monkey Forms (CVE-2026-1056) , Apr 15, 2026
New vulnerability
Notify Odoo (CVE-2026-8425) , May 17, 2026
WPGraphQL (CVE-2021-47959) , May 16, 2026
Smartcat Integration for WPML (CVE-2026-4683) , May 16, 2026
JoomSport – for Sports: Team & League, Football, Hockey & more (CVE-2026-6929) , May 16, 2026
Woocommerce Support System (CVE-2025-14033) , May 16, 2026