WP-Safety

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Security & Risk Analysis

wordpress.org/plugins/gptranslate

Featured by WPTuts. Next-generation AI translation plugin that automatically translates WordPress websites in minutes with multilingual SEO AI Agents.

400 active installs v2.28.1 PHP 7.2+ WP + Updated Apr 13, 2026
languagelocalizationmultilingualtranslatetranslation
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Safe to Use in 2026?

Generally Safe

Score 100/100

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The gptranslate plugin v2.26 exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices with a high percentage of prepared SQL statements and properly escaped output, several areas present significant concerns. The presence of an unserialize function, coupled with two identified taint flows with unsanitized paths, indicates a potential for critical vulnerabilities if these flows are accessible to unauthenticated users or attackers. Furthermore, the plugin exposes a considerable attack surface with four unprotected entry points across AJAX handlers and REST API routes. The absence of known CVEs is a positive sign, suggesting a generally well-maintained codebase historically. However, the static analysis findings, particularly the sensitive functions and unprotected entry points, suggest that the plugin may be vulnerable to new, undiscovered issues if not addressed. The plugin's strengths lie in its diligent use of prepared statements and output escaping, but the identified risks, especially around unserialize and unsanitized data flows, require immediate attention.

Key Concerns

  • Unprotected AJAX handlers (3)
  • Unprotected REST API route (1)
  • Taint flows with unsanitized paths (2, High severity)
  • Dangerous function: unserialize
Vulnerabilities
None known

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Release Timeline

v2.28.1Current
v2.28
v2.27.10
v2.27.5
v2.27
v2.26
v2.25.2
v2.25.1
v2.25
v2.24
v2.23
v2.22
v2.21
v2.20
v2.19
v2.18.2
v2.18.1
v2.18
v2.17
v2.16.2
Code Analysis
Analyzed Mar 16, 2026

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Code Analysis

Dangerous Functions
1
Raw SQL Queries
6
63 prepared
Unescaped Output
24
2568 escaped
Nonce Checks
15
Capability Checks
11
File Operations
7
External Requests
4
Bundled Libraries
1

Dangerous Functions Found

unserialize$opts = $opts_raw ? unserialize($opts_raw) : [];ajax-handler.php:113

Bundled Libraries

Select2

SQL Query Safety

91% prepared69 total queries

Output Escaping

99% escaped2592 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
__construct (gptranslate.php:31)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Attack Surface

Entry Points7
Unprotected4

AJAX Handlers 4

authwp_ajax_gptranslate_toggle_serversidegptranslate.php:1912
authwp_ajax_gptranslate_test_apikeygptranslate.php:2018
authwp_ajax_gptranslate_bulk_deletegptranslate.php:2159
authwp_ajax_gptranslate_migrate_translationsgptranslate.php:2475

REST API Routes 2

POST/wp-json/gptranslate/v1/requestgptranslate.php:2595
GET/wp-json/gptranslate/v1/sitemap.xmlgptranslate.php:2604

Shortcodes 1

[gptranslate] gptranslate.php:2550
WordPress Hooks 48
actionadmin_initgptranslate.php:190
actionadmin_noticesgptranslate.php:287
actionadmin_noticesgptranslate.php:298
actionadmin_menugptranslate.php:323
actionadmin_post_save_gptranslate_recordgptranslate.php:329
actionadmin_post_save_gptranslate_record_and_closegptranslate.php:334
actionadmin_post_cancel_gptranslate_recordgptranslate.php:339
actionwp_enqueue_scriptsgptranslate.php:345
filterscript_loader_taggptranslate.php:1276
actiongptranslate_daily_update_checkgptranslate.php:1843
actionadmin_enqueue_scriptsgptranslate.php:1874
actionadmin_post_gptranslate_export_translations_csvgptranslate.php:2184
actionadmin_post_gptranslate_import_translations_csvgptranslate.php:2220
actionadmin_post_gptranslate_export_translations_xliffgptranslate.php:2303
actionadmin_post_gptranslate_import_translations_xliffgptranslate.php:2349
actionadmin_post_gptranslate_export_xml_sitemapgptranslate.php:2422
actionadmin_post_gptranslate_export_settingsgptranslate.php:2521
actionadmin_post_gptranslate_import_settingsgptranslate.php:2545
actionwp_footergptranslate.php:2574
actionrest_api_initgptranslate.php:2594
actionrest_api_initgptranslate.php:2603
actioninitmultilang-routing.php:135
actioninitmultilang-routing.php:222
filterlanguage_attributesmultilang-routing.php:258
filterwpseo_og_localemultilang-routing.php:405
filterrank_math/opengraph/localemultilang-routing.php:447
actionwp_headmultilang-routing.php:491
filterredirect_canonicalmultilang-routing.php:651
filterrewrite_rules_arraymultilang-routing.php:660
actiontemplate_redirectmultilang-routing.php:672
filterquery_varsmultilang-routing.php:725
actiontemplate_redirectmultilang-routing.php:744
actionwp_headmultilang-routing.php:827
filteraioseo_canonical_urlmultilang-routing.php:941
filterseopress_titles_canonicalmultilang-routing.php:950
filterthe_seo_framework_rel_canonical_outputmultilang-routing.php:958
filterslim_seo_canonical_urlmultilang-routing.php:965
filterjetpack_enable_canonicalmultilang-routing.php:972
filterwpms_canonical_urlmultilang-routing.php:979
filterget_canonical_urlmultilang-routing.php:985
filterwpseo_canonicalmultilang-routing.php:986
filteraioseop_canonical_urlmultilang-routing.php:987
actiontemplate_redirectmultilang-routing.php:998
filterwpseo_canonicalmultilang-routing.php:1014
filterrank_math/frontend/canonicalmultilang-routing.php:1017
filteraioseop_canonical_urlmultilang-routing.php:1020
actiontemplate_redirectmultilang-routing.php:1083
actiontemplate_redirectserverside-translations.php:5

Scheduled Events 1

gptranslate_daily_update_check
Maintenance & Trust

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 13, 2026
PHP min version7.2
Downloads8K

Community Trust

Rating100/100
Number of ratings25
Active installs400
Alternatives

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Alternatives

Polylang

Polylang

polylang

A
94

Go multilingual in a simple and efficient way. Keep writing posts and taxonomy terms as usual while defining their languages all at once.

800K 3 CVEs
WP Multilang – Translation and Multilingual Plugin

WP Multilang – Translation and Multilingual Plugin

wp-multilang

A
98

Multilingual plugin for WordPress. Go Multilingual in minutes with full WordPress support. Translate your site easily with this localization plugin.

10K 1 CVE
wpLingua – Automatic translation – Translate and make website multilingual

wpLingua – Automatic translation – Translate and make website multilingual

wplingua

A
100

Make your websites multilingual and translate them automatically: no word limits, editable translations, SEO-friendly, no coding knowledge needed

2K No CVEs
MotionPoint Express – Website Translation

MotionPoint Express – Website Translation

motionpoint-express

A
100

The plugin enables the integration of MotionPoint Express paid website translation services.

0 No CVEs
Ovesio – Content AI Translation

Ovesio – Content AI Translation

ovesio

A
100

Automatically translate your WordPress into 30+ languages with Ovesio's Content AI Engine.

0 No CVEs
Developer Profile

GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents Developer Profile

JExtensions Store

3 plugins · 2K total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
56 days
View full developer profile
Detection Fingerprints

How We Detect GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gptranslate/assets/css/gptranslate.css/wp-content/plugins/gptranslate/assets/js/gptranslate.js/wp-content/plugins/gptranslate/assets/js/gp-translate-frontend.js
Script Paths
/wp-content/plugins/gptranslate/assets/js/gp-translate-frontend.js
Version Parameters
gptranslate/assets/css/gptranslate.css?ver=gptranslate/assets/js/gptranslate.js?ver=gptranslate/assets/js/gp-translate-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
gptranslate_logogptranslate_flaggptranslate_flags_wrappergptranslate_languagesgptranslate_selectgptranslate_current_languagegptranslate_wrappergptranslate_menu+2 more
HTML Comments
GPTranslate by JExtensions StoreGPTranslate - FREE Mode active
Data Attributes
data-gptranslate-widgetdata-gptranslate-flag
JS Globals
GPTranslateConfig
REST Endpoints
/wp-json/gptranslate/v1/translate/wp-json/gptranslate/v1/get-languages
Shortcode Output
[gptranslate]
FAQ

Frequently Asked Questions about GPTranslate – AI Multilingual Translator to Translate Websites with AI Translation Agents