Does Cyrlitera – Transliteration of Links and File Names have any unpatched vulnerabilities?

No. All known vulnerabilities in Cyrlitera – Transliteration of Links and File Names have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cyrlitera – Transliteration of Links and File Names compatible with WordPress 6.9.4?

According to WordPress.org data, Cyrlitera – Transliteration of Links and File Names 1.3.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Cyrlitera – Transliteration of Links and File Names compatible with PHP 7.4+?

Cyrlitera – Transliteration of Links and File Names requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Cyrlitera – Transliteration of Links and File Names's security score?

Cyrlitera – Transliteration of Links and File Names has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cyrlitera – Transliteration of Links and File Names Security & Risk Analysis

wordpress.org/plugins/cyrlitera

Convert Cyrillic and Georgian URLs and file names to Latin. Works for all post types, pages, and terms. Custom characters, URL redirects & more.

40K active installs v1.3.2 PHP 7.4+ WP 5.6+ Updated Jan 12, 2026

cyr-to-latcyrilliccyrillic-to-latinrus-to-lattransliteration

A · Safe

CVEs total1

Unpatched0

Last CVEJun 27, 2025

Plugin page Download

Safety Verdict

Is Cyrlitera – Transliteration of Links and File Names Safe to Use in 2026?

Generally Safe

Score 99/100

Cyrlitera – Transliteration of Links and File Names has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 27, 2025Updated 2mo ago

Risk Assessment

The cyrlitera plugin v1.3.2 exhibits a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with zero identified entry points that are unprotected. There are also no file operations or external HTTP requests, which are common vectors for compromise. The presence of nonce checks is also a good indicator of security consciousness.

However, concerns arise from the SQL query handling and output escaping. A significant portion of SQL queries (89%) are not using prepared statements, indicating a potential for SQL injection vulnerabilities. Similarly, only one-third of output escaping is properly handled, suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis shows flows with unsanitized paths, though they are not classified as critical or high severity, they still represent a risk. The vulnerability history reveals a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, which, while patched, indicates a pattern of potential weaknesses.

In conclusion, while cyrlitera has a limited attack surface and some good security practices like nonce checks, the prevalent use of raw SQL queries and insufficient output escaping are significant weaknesses. The past CSRF vulnerability, although resolved, underscores the need for continued vigilance. Developers should prioritize addressing the SQL and output escaping issues to improve the overall security of the plugin.

Key Concerns

High percentage of SQL queries not using prepared statements
Low percentage of output escaping
Flows with unsanitized paths detected
Past medium severity vulnerability (CSRF)

Vulnerabilities

Cyrlitera – Transliteration of Links and File Names Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-53254medium · 4.3Cross-Site Request Forgery (CSRF)

Cyrlitera <= 1.3.0 - Cross-Site Request Forgery

Jun 27, 2025 Patched in 1.3.1 (176d)

Code Analysis

Analyzed Mar 16, 2026

Cyrlitera – Transliteration of Links and File Names Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

11% prepared19 total queries

Output Escaping

33% escaped3 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

redirectFromOldUrls (includes\classes\class-configurate-cyrlitera.php:237)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Cyrlitera – Transliteration of Links and File Names Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 22

filterwbcr_clr_seo_page_warningsadmin\boot.php:69

actionwbcr/factory/admin_noticesadmin\boot.php:100

filterplugin_row_metaadmin\boot.php:119

filterwbcr_factory_pages_480_imppage_rating_widget_urladmin\boot.php:137

filterwbcr/factory/pages/impressive/widgetsadmin\boot.php:146

actionwbcr_clearfy_configurated_quick_modeadmin\boot.php:162

filterwbcr_clearfy_group_optionsadmin\boot.php:232

actionadmin_noticesclearfy.php:48

actionnetwork_admin_noticesclearfy.php:49

actionadmin_noticescyrlitera.php:143

actionnetwork_admin_noticescyrlitera.php:144

actioninitincludes\3rd-party\class-clearfy-plugin.php:47

actioninitincludes\class-plugin.php:51

filterthemeisle_sdk_productsincludes\class-plugin.php:57

filtersanitize_titleincludes\classes\class-configurate-cyrlitera.php:22

filtersanitize_titleincludes\classes\class-configurate-cyrlitera.php:24

actionadmin_initincludes\classes\class-configurate-cyrlitera.php:27

filtersanitize_file_nameincludes\classes\class-configurate-cyrlitera.php:33

filtersanitize_file_nameincludes\classes\class-configurate-cyrlitera.php:35

actionwpincludes\classes\class-configurate-cyrlitera.php:40

actionasgarosforum_prepare_forumincludes\classes\class-configurate-cyrlitera.php:45

actionasgarosforum_prepare_topicincludes\classes\class-configurate-cyrlitera.php:46

Maintenance & Trust

Cyrlitera – Transliteration of Links and File Names Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 12, 2026

PHP min version7.4

Downloads241K

Community Trust

Rating90/100

Number of ratings52

Active installs40K

Alternatives

Cyrlitera – Transliteration of Links and File Names Alternatives

Cyr to Lat Reloaded – Transliteration of Links and File Names

cyr-and-lat

100

Converts Cyrillic, Georgian, and Greek URLs and file names into readable Latin characters.

30K No CVEs

Cyr-To-Lat

cyr2lat

100

Convert Non-Latin characters in post, page and term slugs to Latin characters.

300K No CVEs

Cyr to Lat Enhanced

cyr3lat

Converts Cyrillic, European and Georgian characters in post, term slugs and media file names into Latin characters.

90K 1 CVE

Bulglish Permalinks

bulglish-permalinks

This plugin converts Bulgarian cyrillic characters in slugs and filenames to Latin characters, according to the official rules for transliteration.

3K No CVEs

Transliterator – Multilingual and Multi-script Text Conversion

serbian-transliteration

100

Universal transliteration for permalinks, posts, tags, categories, media, files, search and more, rendering them universally readable.

3K No CVEs

Developer Profile

Cyrlitera – Transliteration of Links and File Names Developer Profile

Themeisle

37 plugins · 2.2M total installs

trust score

Avg Security Score

96/100

Avg Patch Time

420 days

View full developer profile

Detection Fingerprints

How We Detect Cyrlitera – Transliteration of Links and File Names

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cyrlitera/admin/assets/js/cyrlitera-for-acf.js

Script Paths