AI Translator for Polylang Security & Risk Analysis

wordpress.org/plugins/ai-translator-for-polylang

WordPress plugin that automatically translates content using AI, seamlessly integrating with Polylang. This is not an official plugin of Polylang.

70 active installs · v1.5.1 · PHP 7.0+ · WP 5.0+ · Updated Mar 5, 2026
ai, automatic-translation, polylang, translate, translator
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is AI Translator for Polylang Safe to Use in 2026?

Generally Safe

Score 100/100

AI Translator for Polylang has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "ai-translator-for-polylang" v1.5.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries, exclusively using prepared statements, and a high percentage of properly escaped outputs. The absence of known vulnerabilities and critical taint flows is also a significant strength, suggesting a generally well-maintained codebase regarding common exploitation vectors. The plugin also utilizes nonce checks, indicating an awareness of CSRF protection.

However, a major concern arises from the substantial attack surface presented by its AJAX handlers, with all 14 identified handlers lacking authentication checks. This creates a significant risk of unauthorized access and potential manipulation of plugin functionalities by unauthenticated users. While the REST API routes are properly permission-checked, the unprotected AJAX endpoints are a glaring weakness. The presence of file operations and external HTTP requests, although not explicitly flagged as vulnerable in the static analysis, warrants careful consideration in conjunction with the unprotected AJAX handlers, as they could potentially be abused if an attacker finds a way to trigger them.

Overall, the plugin's strong foundation in secure SQL and output handling is commendable. However, the extensive exposure of AJAX functionality without authentication is a critical security flaw that overshadows these strengths. The lack of historical vulnerabilities is reassuring but does not mitigate the immediate risks posed by the identified unprotected entry points. A balance is struck between good coding practices and a significant, directly exploitable vulnerability in its current configuration.

Key Concerns

  • Large attack surface without auth (AJAX)
  • High percentage of unprotected AJAX handlers
  • Bundled Freemius v1.0
Vulnerabilities
None known

AI Translator for Polylang Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

AI Translator for Polylang Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (11 prepared)
  • Unescaped Output: 21 (89 escaped)
  • Nonce Checks: 17
  • Capability Checks: 1
  • File Operations: 3
  • External Requests: 7
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 11 total queries

Output Escaping

81% escaped · 110 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
save_credits_license (admin\class-polylai-translator-admin.php:298)
[Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized]
Attack Surface
14 unprotected

AI Translator for Polylang Attack Surface

Entry Points: 15
Unprotected: 14

AJAX Handlers 14

auth wp_ajax_polylai_get_post_tr_status includes\class-polylai-translator.php:212
auth wp_ajax_polylai_enqueue_translations includes\class-polylai-translator.php:213
auth wp_ajax_polylai_enqueue_bulk includes\class-polylai-translator.php:214
auth wp_ajax_polylai_logs includes\class-polylai-translator.php:215
auth wp_ajax_polylai_logs_download includes\class-polylai-translator.php:216
auth wp_ajax_polylai_save_credits_license includes\class-polylai-translator.php:217
auth wp_ajax_polylai_translation_modal includes\class-polylai-translator.php:218
auth wp_ajax_polylai_pricing includes\class-polylai-translator.php:219
auth wp_ajax_polylai_history includes\class-polylai-translator.php:220
auth wp_ajax_polylai_progress includes\class-polylai-translator.php:221
auth wp_ajax_polylai_trigger includes\class-polylai-translator.php:222
auth wp_ajax_polylai_add_translation includes\class-polylai-translator.php:223
auth wp_ajax_polylai_stop_all_translations includes\class-polylai-translator.php:224
auth wp_ajax_polylai_count_posts includes\class-polylai-translator.php:225

REST API Routes 1

GET /wp-json/polylai/v1/cron admin\class-polylai-translator-admin.php:322
WordPress Hooks 19
action wp_loaded includes\class-polylai-translator-cron.php:43
action wp_loaded includes\class-polylai-translator-cron.php:55
action init includes\class-polylai-translator.php:175
action admin_enqueue_scripts includes\class-polylai-translator.php:176
action admin_enqueue_scripts includes\class-polylai-translator.php:177
action admin_menu includes\class-polylai-translator.php:178
action admin_init includes\class-polylai-translator.php:179
action admin_init includes\class-polylai-translator.php:180
action admin_init includes\class-polylai-translator.php:181
action admin_notices includes\class-polylai-translator.php:182
action admin_notices includes\class-polylai-translator.php:183
filter manage_trip_posts_columns includes\class-polylai-translator.php:184
filter post_row_actions includes\class-polylai-translator.php:185
filter page_row_actions includes\class-polylai-translator.php:192
action plugin_action_links_polylai-translator/polylai-translator.php includes\class-polylai-translator.php:226
action rest_api_init includes\class-polylai-translator.php:227
action init includes\class-polylai-translator.php:228
action init includes\class-polylai-translator.php:229
action plugins_loaded includes\class-polylai-translator.php:230
Maintenance & Trust

AI Translator for Polylang Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 5, 2026
PHP min version: 7.0
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 70
Developer Profile

AI Translator for Polylang Developer Profile

Matches LLC

2 plugins · 70 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect AI Translator for Polylang

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ai-translator-for-polylang/admin/css/style.css
/wp-content/plugins/ai-translator-for-polylang/admin/css/polylai-translator-author.css
/wp-content/plugins/ai-translator-for-polylang/admin/js/polylai-translator-admin.js
Script Paths
https://cdn.jsdelivr.net/npm/alpinejs@3.14.8/dist/cdn.min.js
Version Parameters
ai-translator-for-polylang/admin/css/style.css?ver=
ai-translator-for-polylang/admin/css/polylai-translator-author.css?ver=
polylai-translator-admin?ver=

HTML / DOM Fingerprints

CSS Classes
polylaitr-link
Data Attributes
data-id
data-nonce
JS Globals
polylaiVars
FAQ

Frequently Asked Questions about AI Translator for Polylang