{"uuid": "eaf9c2db-288d-4764-991a-127c11ce4e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9109", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116741978443656575", "content": "\u26a0\ufe0f HIGH risk: GPTranslate plugin for WordPress (<=2.31) is vulnerable to stored XSS (CVE-2026-9109). Unauthenticated attackers can inject scripts through the exposed REST API. Disable or restrict access until a fix is released. https://radar.offseq.com/threat/cve-2026-9109-cwe-79-improper-neutralization-of-in-ff1b31ef #OffSeq #WordPress #XSS", "creation_timestamp": "2026-06-13T09:00:25.284931Z"}