Unauthorized Data Modification in Smartcat Translator for WPML Plugin by WordPress
CVE-2026-4683

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Smartcat Translator For WPml
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-4683?

The Smartcat Translator for WPML plugin is susceptible to unauthorized data modification resulting from an overlooked capability check on the 'routeData' REST endpoint. This flaw is present in all versions up to and including 3.1.77. As a result, attackers without authentication can change sensitive data such as the API credentials used for Smartcat services. This breach can lead to service hijacking, enabling attackers to disrupt translation services or compromise user data.

Affected Version(s)

Smartcat Translator for WPML 0 <= 3.1.77

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/smartcat-wpml/...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Alexis Lafontaine

CVE-2026-4683 Data

JSON