A vulnerability, which was classified as problematic , was found in john-dagelmore GPTranslate Plugin up to 2.31 on WordPress. Affected is an unknown function of the file /wp-json/gptranslate/v1/request of the component Deterministically Derived API Key Handler . Such manipulation of the argument gptApiKey leads to cross site scripting. This vulnerability is referenced as CVE-2026-9109 . It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected compon