What the vulnerability does
01Description
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions.
Explanation of Vulnerability in Simple Terms
GPTranslate versions up to 2.32.6 contain a SQL injection vulnerability in an unauthenticated endpoint. An attacker can craft malicious requests to extract sensitive data from the WordPress database, including user credentials and site configuration. The vulnerability requires no user interaction and can be exploited remotely over the network.
What an attacker can do
Extract sensitive data from the WordPress database, including user information and site configuration.
Potential impact on your site
Attackers can read your database contents without logging in, potentially exposing user passwords, email addresses, and private site data.
Conditions required to exploit
Network access to the WordPress site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities