WP-Safety

Translate WordPress – Google Language Translator Security & Risk Analysis

wordpress.org/plugins/google-language-translator

Translate WordPress with Google Language Translator multilanguage plugin which allows to insert Google Translate widget anywhere on your website.

100K active installs v6.0.20 PHP + WP 2.9+ Updated Jan 11, 2026
languagetranslatetranslate-wordpresstranslationtranslator
97
A · Safe
CVEs total8
Unpatched0
Last CVEDec 13, 2023
Plugin page Download
Safety Verdict

Is Translate WordPress – Google Language Translator Safe to Use in 2026?

Generally Safe

Score 97/100

Translate WordPress – Google Language Translator has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEsLast CVE: Dec 13, 2023Updated 2mo ago
Risk Assessment

The "google-language-translator" plugin version 6.0.20 exhibits a mixed security posture. While it demonstrates good practices in terms of SQL query sanitization and has no currently unpatched CVEs, several areas raise concerns. The static analysis reveals a notable percentage of improperly escaped output (42%), which presents a potential risk for cross-site scripting (XSS) vulnerabilities, especially given the plugin's vulnerability history which includes "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')". The taint analysis also identified flows with unsanitized paths, although none reached a critical or high severity in this scan, they still indicate areas where input handling might not be robust enough.

The vulnerability history is a significant concern, with 8 known CVEs in total, including 2 high-severity ones. The common vulnerability types highlight a recurring pattern of "Missing Authorization" and "Cross-site Scripting", suggesting that these types of weaknesses have been present in the plugin's past development. While there are currently no unpatched vulnerabilities, this history indicates a need for continued vigilance and potential for new vulnerabilities to emerge. The plugin's strengths lie in its secure SQL handling and lack of unpatched critical issues, but the unescaped output and historical vulnerability trends necessitate caution.

Key Concerns

  • Significant portion of output not properly escaped
  • History of high severity CVEs
  • History of XSS vulnerabilities
  • History of Missing Authorization vulnerabilities
  • Flows with unsanitized paths identified
Vulnerabilities
8

Translate WordPress – Google Language Translator Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
1 CVE in 2016
2016
3 CVEs in 2021
2021
1 CVE in 2022
2022
2 CVEs in 2023
2023
Patched Has unpatched

Severity Breakdown

High
2
Medium
6

8 total CVEs

CVE-2023-50375medium · 5.3Missing Authorization

Google Language Translator <= 6.0.19 - Missing Authorization via admin notifications

Dec 13, 2023 Patched in 6.0.20 (41d)
WF-ec894433-53c8-4d04-bb8a-92c66cbd2ce7-google-language-translatormedium · 5.3Missing Authorization

Google Language Translator < 6.0.20 - Missing Authorization to Notice Dismissal

Dec 8, 2023 Patched in 6.0.20 (732d)
CVE-2022-0770high · 8.8Missing Authorization

Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure

Mar 7, 2022 Patched in 6.0.14 (687d)
CVE-2021-24594medium · 4.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Translate WordPress - Google Language Translator <= 6.0.11 - Admin+ Stored Cross-Site Scripting

Oct 5, 2021 Patched in 6.0.12 (840d)
CVE-2021-4452high · 7.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Language Translator <= 6.0.9 - Reflected Cross-Site Scripting

Jul 21, 2021 Patched in 6.0.10 (1183d)
WF-5653f1aa-06da-4208-afa2-19ef31b8be2f-google-language-translatormedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Language Translator <= 6.0.9 - Authenticated Cross-Site Scripting

Jul 20, 2021 Patched in 6.0.10 (917d)
CVE-2016-10870medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Language Translator <= 5.0.05 - Cross-Site Scripting

Apr 18, 2016 Patched in 5.0.06 (2836d)
WF-ea3afa3c-9a88-4f91-a74a-04306639feb5-google-language-translatormedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Google Language Translator <= 4.0.9 - Authenticated Stored Cross-Site Scripting

Aug 13, 2015 Patched in 5.0.0 (3085d)
Code Analysis
Analyzed Mar 16, 2026

Translate WordPress – Google Language Translator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
49
36 escaped
Nonce Checks
3
Capability Checks
1
File Operations
12
External Requests
1
Bundled Libraries
0

Output Escaping

42% escaped85 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths
footer_script (google-language-translator.php:346)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Translate WordPress – Google Language Translator Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[google-translator] google-language-translator.php:141
[glt] google-language-translator.php:142
WordPress Hooks 28
actionadmin_menugoogle-language-translator.php:137
actionadmin_initgoogle-language-translator.php:138
actionwp_headgoogle-language-translator.php:139
actionwp_footergoogle-language-translator.php:140
filterwidget_textgoogle-language-translator.php:143
filterwalker_nav_menu_start_elgoogle-language-translator.php:144
actionwp_enqueue_scriptsgoogle-language-translator.php:148
actionadmin_enqueue_scriptsgoogle-language-translator.php:216
actionadmin_footergoogle-language-translator.php:217
actionadmin_initgoogle-language-translator.php:1862
actionadmin_initgoogle-language-translator.php:1864
actionadmin_noticesgoogle-language-translator.php:1867
actionwp_headgoogle-language-translator.php:2235
actionadmin_headgoogle-language-translator.php:2237
actionwp_headgoogle-language-translator.php:2250
actionwp_headgoogle-language-translator.php:2257
filterrest_prepare_postgoogle-language-translator.php:2342
filterrest_prepare_categorygoogle-language-translator.php:2343
filterscript_loader_taggoogle-language-translator.php:2510
filterwoocommerce_get_script_datagoogle-language-translator.php:2512
filterwoocommerce_geolocate_ipgoogle-language-translator.php:2514
actionupdate_option_googlelanguagetranslator_seo_activegoogle-language-translator.php:2576
actionupdate_option_googlelanguagetranslator_url_structuregoogle-language-translator.php:2577
actionupdate_option_googlelanguagetranslator_languagegoogle-language-translator.php:2578
filterlitespeed_optimize_js_excludesgoogle-language-translator.php:2590
filterrocket_exclude_jsgoogle-language-translator.php:2593
filterrocket_minify_excluded_external_jsgoogle-language-translator.php:2594
actionwidgets_initwidget.php:40
Maintenance & Trust

Translate WordPress – Google Language Translator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 11, 2026
PHP min version
Downloads3.4M

Community Trust

Rating94/100
Number of ratings614
Active installs100K
Alternatives

Translate WordPress – Google Language Translator Alternatives

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher

multilanguage

B
76

The ultimate WordPress translation solution with built-in language translator. Create multilingual content, switch languages, and translate your entir &hellip;

3K 1 unpatched
Translate WordPress with GTranslate

Translate WordPress with GTranslate

gtranslate

A
99

Translate WordPress with Google Translate multilanguage plugin to make your website multilingual. Complete multilingual SEO solution for WordPress.

900K 5 CVEs
WPML Shortcodes

WPML Shortcodes

wpml-shortcodes

A
85

Adds shortcodes to the WPML environment, like wpml__, wpml_e and more. Makes WP full WPML ready.

900 No CVEs
WPML Translate Shortcode

WPML Translate Shortcode

wpml-translate-shortcode

A
85

Adds the wpml_translate shortcode to your shortcode suite. You can also use the wpml_text_if_language( $lang, $content ) in your php code.

100 No CVEs
Translate WordPress with Google Languages Translator

Translate WordPress with Google Languages Translator

translate-wp-with-google-languages-translator

A
85

Simple and powerful Google Translator plugin. Use it with a shortcode or with a widget, and make your website multilingual and accessible to everybody &hellip;

80 No CVEs
Developer Profile

Translate WordPress – Google Language Translator Developer Profile

edo888

4 plugins · 1.0M total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
1234 days
View full developer profile
Detection Fingerprints

How We Detect Translate WordPress – Google Language Translator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/google-language-translator/css/style.css/wp-content/plugins/google-language-translator/css/flags.css/wp-content/plugins/google-language-translator/js/main.js
Script Paths
/wp-content/plugins/google-language-translator/js/main.js
Version Parameters
google-language-translator/css/style.css?ver=google-language-translator/css/flags.css?ver=google-language-translator/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
gtranslate_wrappergtranslate_selectorgtranslate_flagsgtranslate_verticalgtranslate_horizontalgtranslate_popupgtranslate_menugtranslate_widget+3 more
Data Attributes
data-gt-translate-inner
JS Globals
googleTranslateElementInit
Shortcode Output
[google-translator][glt]
FAQ

Frequently Asked Questions about Translate WordPress – Google Language Translator