WP-Safety

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Security & Risk Analysis

wordpress.org/plugins/gptranslate

Featured by WPTuts. Next-generation AI translation plugin that automatically translates WordPress websites in minutes with multilingual SEO AI Agents.

300 active installs v2.26 PHP 7.2+ WP + Updated Mar 14, 2026
ai-translationmultilingualtranslate-websitetranslationwebsite-translation
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Safe to Use in 2026?

Generally Safe

Score 100/100

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 19d ago
Risk Assessment

The gptranslate plugin v2.26 exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices with a high percentage of prepared SQL statements and properly escaped output, several areas present significant concerns. The presence of an unserialize function, coupled with two identified taint flows with unsanitized paths, indicates a potential for critical vulnerabilities if these flows are accessible to unauthenticated users or attackers. Furthermore, the plugin exposes a considerable attack surface with four unprotected entry points across AJAX handlers and REST API routes. The absence of known CVEs is a positive sign, suggesting a generally well-maintained codebase historically. However, the static analysis findings, particularly the sensitive functions and unprotected entry points, suggest that the plugin may be vulnerable to new, undiscovered issues if not addressed. The plugin's strengths lie in its diligent use of prepared statements and output escaping, but the identified risks, especially around unserialize and unsanitized data flows, require immediate attention.

Key Concerns

  • Unprotected AJAX handlers (3)
  • Unprotected REST API route (1)
  • Taint flows with unsanitized paths (2, High severity)
  • Dangerous function: unserialize
Vulnerabilities
None known

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Code Analysis

Dangerous Functions
1
Raw SQL Queries
6
63 prepared
Unescaped Output
24
2568 escaped
Nonce Checks
15
Capability Checks
11
File Operations
7
External Requests
4
Bundled Libraries
1

Dangerous Functions Found

unserialize$opts = $opts_raw ? unserialize($opts_raw) : [];ajax-handler.php:113

Bundled Libraries

Select2

SQL Query Safety

91% prepared69 total queries

Output Escaping

99% escaped2592 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
__construct (gptranslate.php:31)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Attack Surface

Entry Points7
Unprotected4

AJAX Handlers 4

authwp_ajax_gptranslate_toggle_serversidegptranslate.php:1912
authwp_ajax_gptranslate_test_apikeygptranslate.php:2018
authwp_ajax_gptranslate_bulk_deletegptranslate.php:2159
authwp_ajax_gptranslate_migrate_translationsgptranslate.php:2475

REST API Routes 2

POST/wp-json/gptranslate/v1/requestgptranslate.php:2595
GET/wp-json/gptranslate/v1/sitemap.xmlgptranslate.php:2604

Shortcodes 1

[gptranslate] gptranslate.php:2550
WordPress Hooks 48
actionadmin_initgptranslate.php:190
actionadmin_noticesgptranslate.php:287
actionadmin_noticesgptranslate.php:298
actionadmin_menugptranslate.php:323
actionadmin_post_save_gptranslate_recordgptranslate.php:329
actionadmin_post_save_gptranslate_record_and_closegptranslate.php:334
actionadmin_post_cancel_gptranslate_recordgptranslate.php:339
actionwp_enqueue_scriptsgptranslate.php:345
filterscript_loader_taggptranslate.php:1276
actiongptranslate_daily_update_checkgptranslate.php:1843
actionadmin_enqueue_scriptsgptranslate.php:1874
actionadmin_post_gptranslate_export_translations_csvgptranslate.php:2184
actionadmin_post_gptranslate_import_translations_csvgptranslate.php:2220
actionadmin_post_gptranslate_export_translations_xliffgptranslate.php:2303
actionadmin_post_gptranslate_import_translations_xliffgptranslate.php:2349
actionadmin_post_gptranslate_export_xml_sitemapgptranslate.php:2422
actionadmin_post_gptranslate_export_settingsgptranslate.php:2521
actionadmin_post_gptranslate_import_settingsgptranslate.php:2545
actionwp_footergptranslate.php:2574
actionrest_api_initgptranslate.php:2594
actionrest_api_initgptranslate.php:2603
actioninitmultilang-routing.php:135
actioninitmultilang-routing.php:222
filterlanguage_attributesmultilang-routing.php:258
filterwpseo_og_localemultilang-routing.php:405
filterrank_math/opengraph/localemultilang-routing.php:447
actionwp_headmultilang-routing.php:491
filterredirect_canonicalmultilang-routing.php:651
filterrewrite_rules_arraymultilang-routing.php:660
actiontemplate_redirectmultilang-routing.php:672
filterquery_varsmultilang-routing.php:725
actiontemplate_redirectmultilang-routing.php:744
actionwp_headmultilang-routing.php:827
filteraioseo_canonical_urlmultilang-routing.php:941
filterseopress_titles_canonicalmultilang-routing.php:950
filterthe_seo_framework_rel_canonical_outputmultilang-routing.php:958
filterslim_seo_canonical_urlmultilang-routing.php:965
filterjetpack_enable_canonicalmultilang-routing.php:972
filterwpms_canonical_urlmultilang-routing.php:979
filterget_canonical_urlmultilang-routing.php:985
filterwpseo_canonicalmultilang-routing.php:986
filteraioseop_canonical_urlmultilang-routing.php:987
actiontemplate_redirectmultilang-routing.php:998
filterwpseo_canonicalmultilang-routing.php:1014
filterrank_math/frontend/canonicalmultilang-routing.php:1017
filteraioseop_canonical_urlmultilang-routing.php:1020
actiontemplate_redirectmultilang-routing.php:1083
actiontemplate_redirectserverside-translations.php:5

Scheduled Events 1

gptranslate_daily_update_check
Maintenance & Trust

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedMar 14, 2026
PHP min version7.2
Downloads6K

Community Trust

Rating100/100
Number of ratings20
Active installs300
Alternatives

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Alternatives

LocoAI – Auto Translate For Loco Translate

LocoAI – Auto Translate For Loco Translate

automatic-translator-addon-for-loco-translate

A
100

LocoAI - Auto Translate For Loco Translate is a powerful tool for developers looking to quickly translate their WordPress plugins and themes.

80K No CVEs
Translate WordPress with Weglot – Multilingual AI Translation

Translate WordPress with Weglot – Multilingual AI Translation

weglot

A
98

Translate WordPress sites with automatic AI translation into 110+ languages. Multilingual SEO, WooCommerce compatible, 110k+ sites.

60K 2 CVEs
AI Translation For TranslatePress

AI Translation For TranslatePress

automatic-translate-addon-for-translatepress

A
100

Auto-translate unlimited strings and characters using AI & Machine Translation tools without any external API Key!

10K No CVEs
Linguise – AI Automatic Multilingual Translation

Linguise – AI Automatic Multilingual Translation

linguise

A
100

Linguise is a top-quality automatic AI translation with a front-end translation editor. 5' install, SEO-optimized translations, 85+ languages

1K No CVEs
Translate Website & Rank Globally with SEO & GEO – MultiLipi AI Translation

Translate Website & Rank Globally with SEO & GEO – MultiLipi AI Translation

multilipi-multilingual-seo

A
100

Make WordPress multilingual with AI. Translate website & rank globally using built-in SEO + GEO infrastructure (Hreflang, Schema) to grow traffic

70 No CVEs
Developer Profile

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Developer Profile

JExtensions Store

3 plugins · 2K total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
56 days
View full developer profile
Detection Fingerprints

How We Detect GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gptranslate/assets/css/gptranslate.css/wp-content/plugins/gptranslate/assets/js/gptranslate.js/wp-content/plugins/gptranslate/assets/js/gp-translate-frontend.js
Script Paths
/wp-content/plugins/gptranslate/assets/js/gp-translate-frontend.js
Version Parameters
gptranslate/assets/css/gptranslate.css?ver=gptranslate/assets/js/gptranslate.js?ver=gptranslate/assets/js/gp-translate-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
gptranslate_logogptranslate_flaggptranslate_flags_wrappergptranslate_languagesgptranslate_selectgptranslate_current_languagegptranslate_wrappergptranslate_menu+2 more
HTML Comments
GPTranslate by JExtensions StoreGPTranslate - FREE Mode active
Data Attributes
data-gptranslate-widgetdata-gptranslate-flag
JS Globals
GPTranslateConfig
REST Endpoints
/wp-json/gptranslate/v1/translate/wp-json/gptranslate/v1/get-languages
Shortcode Output
[gptranslate]
FAQ

Frequently Asked Questions about GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents