Bogo Security & Risk Analysis

wordpress.org/plugins/bogo

A straight-forward multilingual plugin. No more double-digit custom DB tables or hidden HTML comments that could cause you headaches later on.

10K active installs · v3.9.1 · PHP 7.4+ · WP 6.7+ · Updated Nov 30, 2025
Tags: admin, language, locale, localization, multilingual
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Bogo Safe to Use in 2026?

Generally Safe

Score 100/100

Bogo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The 'bogo' plugin v3.9.1 demonstrates a generally good security posture. It has no known CVEs, and all 22 of its SQL queries use prepared statements. The plugin also performs 7 nonce checks and 19 capability checks, and 93% of its output (108 of 116 outputs) is properly escaped. This suggests a developer conscious of common WordPress security pitfalls.

However, the static analysis flags one notable concern: two REST API routes lack permission callbacks. Both are GET routes, /wp-json/bogo/v1/languages and /wp-json/bogo/v1/posts/(?P<id>\d+)/translations, registered in includes\rest-api.php. Without a permission callback they form an unprotected attack surface: unauthenticated users could potentially access and manipulate them, leading to unintended actions or information disclosure. No critical or high-severity taint flows were identified, but 3 of the 6 analyzed data flows have unsanitized paths; even below critical severity, these warrant attention because they indicate potential for unexpected behavior if exploited.

In conclusion, 'bogo' v3.9.1 is reasonably secure thanks to its adherence to fundamental security practices such as prepared statements and output escaping, together with a clean vulnerability history. Its primary weakness is the two unprotected REST API endpoints, a clear and actionable risk that should be addressed to fully harden the plugin.

Key Concerns

  • REST API routes without permission callbacks
  • Flows with unsanitized paths identified
Vulnerabilities
None known

Bogo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Bogo Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (22 prepared)
Unescaped Output: 8 (108 escaped)
Nonce Checks: 7
Capability Checks: 19
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (22 total queries)

Output Escaping

93% escaped (116 total outputs)
Data Flows
3 unsanitized

Data Flow Analysis

6 flows, 3 with unsanitized paths
bogo_tools_page (admin\admin.php:322)
Attack Surface
2 unprotected

Bogo Attack Surface

Entry Points: 3
Unprotected: 2

REST API Routes 2

GET /wp-json/bogo/v1/languages includes\rest-api.php:6
GET /wp-json/bogo/v1/posts/(?P<id>\d+)/translations includes\rest-api.php:15

Shortcodes 1

[bogo] includes\shortcodes.php:3
WordPress Hooks 78
action admin_init admin\admin.php:10
action admin_enqueue_scripts admin\admin.php:23
action admin_menu admin\admin.php:135
filter set_screen_option_bogo_texts_per_page admin\admin.php:178
filter wp_edit_nav_menu_walker admin\includes\nav-menu.php:86
action wp_update_nav_menu_item admin\includes\nav-menu.php:92
filter manage_pages_columns admin\includes\post.php:5
filter manage_posts_columns admin\includes\post.php:12
action manage_pages_custom_column admin\includes\post.php:31
action manage_posts_custom_column admin\includes\post.php:35
action restrict_manage_posts admin\includes\post.php:74
filter post_row_actions admin\includes\post.php:115
filter page_row_actions admin\includes\post.php:116
action admin_init admin\includes\post.php:177
action add_meta_boxes admin\includes\post.php:219
filter get_term admin\includes\terms-translation.php:224
action bogo_upgrade admin\includes\upgrade.php:3
action personal_options_update admin\includes\user.php:3
action edit_user_profile_update admin\includes\user.php:4
action personal_options admin\includes\user.php:39
action in_widget_form admin\includes\widgets.php:3
filter widget_update_callback admin\includes\widgets.php:59
action init bogo.php:49
filter pre_determine_locale bogo.php:57
filter locale bogo.php:75
filter query_vars bogo.php:135
action wp_enqueue_scripts bogo.php:144
action init includes\block-editor\block-editor.php:3
action enqueue_block_editor_assets includes\block-editor\block-editor.php:16
filter map_meta_cap includes\capabilities.php:3
filter wp_kses_allowed_html includes\kses.php:3
filter post_link includes\link-template.php:3
filter page_link includes\link-template.php:25
filter post_type_link includes\link-template.php:64
filter year_link includes\link-template.php:85
filter month_link includes\link-template.php:92
filter day_link includes\link-template.php:99
filter feed_link includes\link-template.php:106
filter author_feed_link includes\link-template.php:113
filter category_feed_link includes\link-template.php:120
filter taxonomy_feed_link includes\link-template.php:127
filter post_type_archive_link includes\link-template.php:134
filter post_type_archive_feed_link includes\link-template.php:141
filter term_link includes\link-template.php:151
filter home_url includes\link-template.php:158
action wp_head includes\link-template.php:169
filter get_previous_post_join includes\link-template.php:230
filter get_next_post_join includes\link-template.php:231
filter get_previous_post_where includes\link-template.php:246
filter get_next_post_where includes\link-template.php:247
filter wp_get_nav_menu_items includes\nav-menu.php:3
filter wp_setup_nav_menu_item includes\nav-menu.php:22
filter bloginfo includes\pomo.php:3
filter get_term includes\pomo.php:20
action load-edit-tags.php includes\pomo.php:35
action init includes\post.php:5
filter body_class includes\post.php:42
filter post_class includes\post.php:56
filter get_pages includes\post.php:438
action save_post includes\post.php:469
filter pre_wp_unique_post_slug includes\post.php:537
filter wp_sitemaps_posts_query_args includes\post.php:696
action parse_query includes\query.php:3
filter posts_join includes\query.php:133
filter posts_where includes\query.php:160
filter option_sticky_posts includes\query.php:195
filter option_page_on_front includes\query.php:212
filter option_page_for_posts includes\query.php:213
action rest_api_init includes\rest-api.php:3
action init includes\rewrite.php:3
filter rewrite_rules_array includes\rewrite.php:23
action admin_bar_menu includes\user.php:5
action wp_after_admin_bar_render includes\user.php:12
action admin_bar_menu includes\user.php:21
action admin_init includes\user.php:68
filter insert_user_meta includes\user.php:154
action widgets_init includes\widgets.php:5
filter widget_display_callback includes\widgets.php:86
Maintenance & Trust

Bogo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 30, 2025
PHP min version: 7.4
Downloads: 251K

Community Trust

Rating: 90/100
Number of ratings: 46
Active installs: 10K
Developer Profile

Bogo Developer Profile

Rock Lobster Inc.

6 plugins · 11.1M total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 1303 days
Detection Fingerprints

How We Detect Bogo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bogo/includes/css/style.css
/wp-content/plugins/bogo/includes/css/style-rtl.css
Script Paths
/wp-content/plugins/bogo/admin/includes/js/index.js
Version Parameters
bogo/style.css?ver=
bogo/style-rtl.css?ver=
bogo/admin/includes/css/admin.css?ver=
bogo/admin/includes/css/admin-rtl.css?ver=
bogo/admin/includes/js/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
bogo-language-selector
Data Attributes
data-bogo-language-selector
JS Globals
bogo_obj
REST Endpoints
/wp-json/bogo/v1/languages
FAQ

Frequently Asked Questions about Bogo