Does Cyr-To-Lat have any unpatched vulnerabilities?

No. All known vulnerabilities in Cyr-To-Lat have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cyr-To-Lat compatible with WordPress 6.9.4?

According to WordPress.org data, Cyr-To-Lat 6.6.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Cyr-To-Lat compatible with PHP 7.2+?

Cyr-To-Lat requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Cyr-To-Lat updated?

Cyr-To-Lat was last updated on Nov 30, 2025. Frequent updates are generally a positive security signal.

What is Cyr-To-Lat's security score?

Cyr-To-Lat has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cyr-To-Lat Security & Risk Analysis

wordpress.org/plugins/cyr2lat

Convert Non-Latin characters in post, page and term slugs to Latin characters.

300K active installs v6.6.0 PHP 7.2+ WP 5.3+ Updated Nov 30, 2025

cyrillicslugstranslationtransliteration

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Cyr-To-Lat Safe to Use in 2026?

Generally Safe

Score 100/100

Cyr-To-Lat has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The cyr2lat plugin v6.6.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points indicates a well-contained attack surface. Furthermore, the code's adherence to secure coding practices is evident in the fact that all SQL queries utilize prepared statements and a near-perfect output escaping rate. The presence of nonce and capability checks, although limited, also contributes positively to its security. The plugin's vulnerability history, being completely clean with no recorded CVEs, further reinforces this positive assessment. This suggests a development team that prioritizes security and has successfully mitigated potential risks in previous versions or through robust development practices. Overall, this plugin appears to be a low-risk option, demonstrating excellent adherence to security best practices and a clean track record.

Vulnerabilities

None known

Cyr-To-Lat Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Cyr-To-Lat Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

77 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared7 total queries

Output Escaping

99% escaped78 total outputs

Attack Surface

Cyr-To-Lat Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 36

actionacf/field_group/admin_enqueue_scriptssrc\php\ACF.php:39

actionadmin_noticessrc\php\AdminNotices.php:28

filterlocalesrc\php\BackgroundProcesses\PostConversionProcess.php:65

filterlocalesrc\php\BackgroundProcesses\TermConversionProcess.php:67

actionadmin_initsrc\php\Converter.php:94

actionadmin_initsrc\php\Converter.php:95

actionadmin_initsrc\php\Converter.php:108

actiondoing_it_wrong_runsrc\php\ErrorHandler.php:42

actiondoing_it_wrong_runsrc\php\ErrorHandler.php:43

filterdoing_it_wrong_trigger_errorsrc\php\ErrorHandler.php:44

actiondoing_it_wrong_runsrc\php\ErrorHandler.php:81

actionplugins_loadedsrc\php\Main.php:140

filterlocalesrc\php\Main.php:179

filterctl_localesrc\php\Main.php:187

actionwpml_language_has_switchedsrc\php\Main.php:189

actionwoocommerce_before_template_partsrc\php\Main.php:262

actionwoocommerce_after_template_partsrc\php\Main.php:263

filtersanitize_titlesrc\php\Main.php:270

filtersanitize_file_namesrc\php\Main.php:271

filterwp_insert_post_datasrc\php\Main.php:272

filterpre_insert_termsrc\php\Main.php:273

filterpost_updatedsrc\php\Main.php:274

filterget_terms_argssrc\php\Main.php:277

actionbefore_woocommerce_initsrc\php\Main.php:280

filtersanitize_titlesrc\php\Main.php:363

actionadmin_initsrc\php\Requirements.php:98

actioncurrent_screensrc\php\Settings\Abstracts\SettingsBase.php:171

actionadmin_menusrc\php\Settings\Abstracts\SettingsBase.php:172

actionplugins_loadedsrc\php\Settings\Abstracts\SettingsBase.php:196

actioncurrent_screensrc\php\Settings\Abstracts\SettingsBase.php:203

actioncurrent_screensrc\php\Settings\Abstracts\SettingsBase.php:204

actionadmin_enqueue_scriptssrc\php\Settings\Abstracts\SettingsBase.php:209

actionin_admin_headersrc\php\Settings\Converter.php:58

actioninitsrc\php\Settings\Converter.php:59

filteradmin_footer_textsrc\php\Settings\PluginSettingsBase.php:25

filterupdate_footersrc\php\Settings\PluginSettingsBase.php:26

Maintenance & Trust

Cyr-To-Lat Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 30, 2025

PHP min version7.2

Downloads3.1M

Community Trust

Rating94/100

Number of ratings97

Active installs300K

Alternatives

Cyr-To-Lat Alternatives

Cyr to Lat Enhanced

cyr3lat

Converts Cyrillic, European and Georgian characters in post, term slugs and media file names into Latin characters.

90K 1 CVE

Bulglish Permalinks

bulglish-permalinks

This plugin converts Bulgarian cyrillic characters in slugs and filenames to Latin characters, according to the official rules for transliteration.

3K No CVEs

SP RTL (RusToLat)

sp-rtl-rus-to-lat

This plugin converts Cyrillic characters in post, page slugs to Latin characters.

2K No CVEs

HyToLat

hytolat

Converts Armenian characters in post,page and term links to Latin characters.

100 No CVEs

Rus-to-Eng

rus-to-eng

Useful for creating human-readable URLs.

40 No CVEs

Developer Profile

Cyr-To-Lat Developer Profile

Sergey Biryukov

23 plugins · 313K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Cyr-To-Lat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cyr2lat/assets/js/acf-field-group.js/wp-content/plugins/cyr2lat/assets/js/settings.js

Script Paths

/wp-content/plugins/cyr2lat/assets/js/acf-field-group.js/wp-content/plugins/cyr2lat/assets/js/settings.js

Version Parameters

cyr-to-lat-acf-field-group?ver=cyr-to-lat-settings?ver=

HTML / DOM Fingerprints

CSS Classes

ctl-settings-wrap

Data Attributes

data-cyr2lat-field

JS Globals

CyrToLatAcfFieldGroupCyrToLatSettings

FAQ