CVE-2026-9109 | john-dagelmore GPTranslate Plugin up to 2.31 on WordPress Deterministically Derived API Key request gptApiKey cross site scripting

A vulnerability, which was classified as problematic, was found in john-dagelmore GPTranslate Plugin up to 2.31 on WordPress. Affected is an unknown function of the file /wp-json/gptranslate/v1/request of the component Deterministically Derived API Key Handler. Such manipulation of the argument gptApiKey leads to cross site scripting.

This vulnerability is referenced as CVE-2026-9109. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.VulDB Recent EntriesRead More