Does Cyr to Lat Enhanced have any unpatched vulnerabilities?

No. All known vulnerabilities in Cyr to Lat Enhanced have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cyr to Lat Enhanced compatible with WordPress 6.9.4?

According to WordPress.org data, Cyr to Lat Enhanced 3.7.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Cyr to Lat Enhanced compatible with PHP 7.4+?

Cyr to Lat Enhanced requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Cyr to Lat Enhanced updated?

Cyr to Lat Enhanced was last updated on Feb 10, 2026. Frequent updates are generally a positive security signal.

What is Cyr to Lat Enhanced's security score?

Cyr to Lat Enhanced has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cyr to Lat Enhanced Security & Risk Analysis

wordpress.org/plugins/cyr3lat

Converts Cyrillic, European and Georgian characters in post, term slugs and media file names into Latin characters.

90K active installs v3.7.3 PHP 7.4+ WP 5.0+ Updated Feb 10, 2026

cyrillicrussianslugstransliterationukrainian

A · Safe

CVEs total1

Unpatched0

Last CVEApr 13, 2023

Plugin page Download

Safety Verdict

Is Cyr to Lat Enhanced Safe to Use in 2026?

Generally Safe

Score 99/100

Cyr to Lat Enhanced has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 13, 2023Updated 1mo ago

Risk Assessment

The static analysis of the 'cyr3lat' v3.7.3 plugin reveals a generally positive security posture, with no identified dangerous functions, no raw SQL queries, and all output properly escaped. The absence of identified taint flows and file operations further contributes to this strong foundation. However, a notable concern is the complete lack of nonce checks and capability checks across all identified entry points. While the current static analysis shows zero unprotected entry points, this absence of authentication and authorization checks is a significant weakness that could be exploited if any new entry points are introduced or if the existing ones have overlooked vulnerabilities.

The vulnerability history shows one past high-severity SQL injection vulnerability, which was fortunately patched. The fact that this was the last known vulnerability and is currently unpatched is a positive sign. However, the historical presence of an SQL injection highlights a past area of weakness, and while addressed, it suggests a need for continued vigilance in input validation and sanitization, especially considering the lack of robust authentication mechanisms noted in the static analysis.

In conclusion, the 'cyr3lat' plugin exhibits good practices regarding function usage, SQL query safety, and output escaping. Its vulnerability history is also encouraging with no currently unpatched CVEs. The primary areas for improvement lie in implementing comprehensive nonce and capability checks to ensure proper authentication and authorization, thereby bolstering its overall security against potential future threats.

Key Concerns

No nonce checks found
No capability checks found
Past high severity SQL injection vulnerability

Vulnerabilities

Cyr to Lat Enhanced Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2022-4290high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Cyr to Lat <= 3.5 - Authenticated SQL Injection

Apr 13, 2023 Patched in 3.7 (285d)

Code Analysis

Analyzed Mar 16, 2026

Cyr to Lat Enhanced Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped4 total outputs

Attack Surface

Cyr to Lat Enhanced Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

filterplugin_row_metacyr-to-lat.php:70

filtersanitize_titlecyr-to-lat.php:71

filtersanitize_file_namecyr-to-lat.php:72

Maintenance & Trust

Cyr to Lat Enhanced Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 10, 2026

PHP min version7.4

Downloads658K

Community Trust

Rating92/100

Number of ratings51

Active installs90K

Alternatives

Cyr to Lat Enhanced Alternatives

Cyr-To-Lat

cyr2lat

100

Convert Non-Latin characters in post, page and term slugs to Latin characters.

300K No CVEs

Bulglish Permalinks

bulglish-permalinks

This plugin converts Bulgarian cyrillic characters in slugs and filenames to Latin characters, according to the official rules for transliteration.

3K No CVEs

SP RTL (RusToLat)

sp-rtl-rus-to-lat

This plugin converts Cyrillic characters in post, page slugs to Latin characters.

2K No CVEs

Cyrillic Permalinks

cyrillic-slugs

100

Automatically transliterates Cyrillic letters in permalinks to their Latin phonetic equivalent. Multi-language. Can convert pre-existing permalinks.

300 No CVEs

Rus-to-Eng

rus-to-eng

Useful for creating human-readable URLs.

40 No CVEs

Developer Profile

Cyr to Lat Enhanced Developer Profile

Ivijan-Stefan Stipic

7 plugins · 95K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

285 days

View full developer profile

Detection Fingerprints

How We Detect Cyr to Lat Enhanced

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cyr3lat/css/main.css/wp-content/plugins/cyr3lat/js/main.js

Script Paths

/wp-content/plugins/cyr3lat/js/main.js

Version Parameters

cyr3lat/css/main.css?ver=cyr3lat/js/main.js?ver=

HTML / DOM Fingerprints

FAQ