{"vulnerability": "CVE-2026-9109", "sightings": [{"uuid": "aa1df1df-d5b8-449f-8778-af3de3939d52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9109", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mo64mw5fh52m", "content": "WordPress\u30d7\u30e9\u30b0\u30a4\u30f3GPTranslate\u306e\u5168\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3001REST API\u7ffb\u8a33\u4fdd\u5b58\u306bStored XSS\u8106\u5f31\u6027\u3002\u7121\u8a8d\u8a3c\u653b\u6483\u8005\u306f\u3001\u4efb\u610f\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u6ce8\u5165\u3057\u3001\u30e6\u30fc\u30b6\u30fc\u30a2\u30af\u30bb\u30b9\u6642\u306b\u5b9f\u884c\u3055\u305b\u308b\u53ef\u80fd\u2026\nCVE-2026-9109 CVSS 7.2 | HIGH", "creation_timestamp": "2026-06-13T11:10:57.997438Z"}, {"uuid": "eaf9c2db-288d-4764-991a-127c11ce4e9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9109", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116741978443656575", "content": "\u26a0\ufe0f HIGH risk: GPTranslate plugin for WordPress (<=2.31) is vulnerable to stored XSS (CVE-2026-9109). Unauthenticated attackers can inject scripts through the exposed REST API. Disable or restrict access until a fix is released. https://radar.offseq.com/threat/cve-2026-9109-cwe-79-improper-neutralization-of-in-ff1b31ef #OffSeq #WordPress #XSS", "creation_timestamp": "2026-06-13T09:00:25.284931Z"}, {"uuid": "fe183b42-4ac8-422f-9575-7bfe5c32142f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-9109", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mo5vdj745l2x", "content": "GPTranslate for WordPress (<=2.31) hit by HIGH severity stored XSS (CVE-2026-9109). Unauthenticated attackers can inject scripts via REST API. Disable or restrict plugin until patched. https://radar.offseq.com/threat/cve-2026-9109-cwe-79-improper-neutralization-of-in-ff1b31ef #OffSeq #WordPress #XSS", "creation_timestamp": "2026-06-13T09:01:21.400845Z"}, {"uuid": "7ec90d66-502b-4ae6-b74f-beaea8aa59a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9109", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mo5xpx7rfc2t", "content": "CVE-2026-9109 - GPTranslate\nCVE ID : CVE-2026-9109\n \n Published : June 13, 2026, 7:16 a.m. | 23\u00a0minutes ago\n \n Description : The GPTranslate \u2013 Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Sc...", "creation_timestamp": "2026-06-13T09:44:36.931970Z"}, {"uuid": "f99395f4-cf93-4ad2-b43b-aa934e64b114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-9109", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mo6gp73avs2d", "content": "CVE-2026-9109 - Stored XSS in GPTranslate WordPress plugin. Unauthenticated attackers can inject scripts affecting all site visitors. CVSS 7.2. No patch available \u2013 disable or isolate immediately. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-9109/", "creation_timestamp": "2026-06-13T14:11:11.652035Z"}]}