Does ICanLocalize Translator have any unpatched vulnerabilities?

No. All known vulnerabilities in ICanLocalize Translator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ICanLocalize Translator compatible with WordPress 2.7?

According to WordPress.org data, ICanLocalize Translator 1.3.1 has been tested up to WordPress 2.7. Check the plugin's changelog for the latest compatibility information.

How often is ICanLocalize Translator updated?

ICanLocalize Translator was last updated on Feb 5, 2009. Frequent updates are generally a positive security signal.

What is ICanLocalize Translator's security score?

ICanLocalize Translator has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ICanLocalize Translator Security & Risk Analysis

wordpress.org/plugins/icanlocalize-translator

Allows running multilingual WordPress sites with zero management. Automatically creates and updates translation when you edit.

10 active installs v1.3.1 PHP + WP 2.5.1+ Updated Feb 5, 2009

i18nlanguagelocalizationmultilingualtranslation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ICanLocalize Translator Safe to Use in 2026?

Generally Safe

Score 85/100

ICanLocalize Translator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago

Risk Assessment

The icanlocalize-translator v1.3.1 plugin exhibits a concerning security posture despite having no recorded historical vulnerabilities. The static analysis reveals several significant weaknesses that warrant attention. While the plugin has a zero attack surface in terms of accessible entry points like AJAX handlers, REST API routes, or shortcodes, this is overshadowed by critical code-level issues.

The presence of dangerous functions like `shell_exec` and `unserialize` is a major red flag, especially when combined with a low percentage of properly escaped output (only 25%) and a complete absence of nonce and capability checks. The taint analysis further highlights risks, with all analyzed flows (4 out of 4) showing unsanitized paths and 3 of those being of high severity. This strongly suggests potential for code injection or other serious vulnerabilities if user-supplied data can reach these dangerous functions without proper sanitization and validation.

The plugin's clean vulnerability history might indicate good development practices or simply a lack of public discovery. However, the current static analysis findings are too severe to ignore. The combination of dangerous functions, poor output escaping, lack of authorization checks, and identified high-severity taint flows presents a significant risk. While the plugin has no known CVEs, the internal code quality issues indicate a high potential for newly discovered vulnerabilities.

Key Concerns

Dangerous functions (shell_exec, unserialize)
Low percentage of properly escaped output
No nonce checks
No capability checks
High severity taint flows
SQL queries with low prepared statement usage
Flows with unsanitized paths

Vulnerabilities

None known

ICanLocalize Translator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ICanLocalize Translator Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

123

40 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

shell_execshell_exec($mysqldump . ' -h ' . DB_HOST . ' -u ' . DB_USER . ' -p' . DB_PASSWORD . ' ' . DB_NAME . debug.php:47

unserialize$el = unserialize($post_request->cms_request_languages);inc\icanlocalize.class.php:253

unserialize(is_array(unserialize($post_request->cms_request_languages)) && $this_languages!=unserialize($post_rinc\icanlocalize.class.php:416

unserialize$el = unserialize($post_request->cms_request_languages);inc\icanlocalize.class.php:642

unserialize$languages = unserialize($item->cms_request_languages);inc\icanlocalize.class.php:1251

SQL Query Safety

3% prepared64 total queries

Output Escaping

25% escaped163 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

admin_notices (inc\icanlocalize.class.php:312)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ICanLocalize Translator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

actioninitinc\icanlocalize.class.php:10

actioninitinc\icanlocalize.class.php:12

actionadmin_noticesinc\icanlocalize.class.php:13

actionsave_postinc\icanlocalize.class.php:15

actiondelete_postinc\icanlocalize.class.php:17

actionadmin_menuinc\icanlocalize.class.php:18

actionadmin_headinc\icanlocalize.class.php:21

actionadmin_headinc\icanlocalize.class.php:22

actionadmin_headinc\icanlocalize.class.php:25

actionadmin_headinc\icanlocalize.class.php:28

filtermanage_posts_columnsinc\icanlocalize.class.php:33

actionmanage_posts_custom_columninc\icanlocalize.class.php:34

filtermanage_pages_columnsinc\icanlocalize.class.php:37

actionmanage_pages_custom_columninc\icanlocalize.class.php:38

filterxmlrpc_methodsinc\icanlocalize.class.php:42

actioninitinc\template-functions.php:145

actionwp_headinc\template-functions.php:149

Maintenance & Trust

ICanLocalize Translator Maintenance & Trust

Maintenance Signals

WordPress version tested2.7

Last updatedFeb 5, 2009

PHP min version

Downloads7K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

ICanLocalize Translator Alternatives

Multilify

multilify

100

Powerful multilingual content management for WordPress with custom slugs and SEO optimization.

0 No CVEs

Loco Translate

loco-translate

Translate WordPress plugins and themes directly in your browser. Versatile PO file editor with integrated AI translation providers.

1.0M 3 CVEs

Polylang

polylang

Go multilingual in a simple and efficient way. Keep writing posts and taxonomy terms as usual while defining their languages all at once.

800K 3 CVEs

WP Multilang – Translation and Multilingual Plugin

wp-multilang

Multilingual plugin for WordPress. Go Multilingual in minutes with full WordPress support. Translate your site easily with this localization plugin.

10K 1 CVE

Preferred Languages

preferred-languages

Choose languages for displaying WordPress in, in order of preference.

2K 1 CVE

Developer Profile

ICanLocalize Translator Developer Profile

Amir Helzer

9 plugins · 108K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

53 days

View full developer profile

Detection Fingerprints

How We Detect ICanLocalize Translator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/icanlocalize-translator/inc/icanlocalize.css/wp-content/plugins/icanlocalize-translator/inc/icanlocalize.js

Script Paths

/wp-content/plugins/icanlocalize-translator/inc/icanlocalize.js

Version Parameters

icanlocalize-translator/inc/icanlocalize.css?ver=icanlocalize-translator/inc/icanlocalize.js?ver=

HTML / DOM Fingerprints

CSS Classes

lang_sel_sel

Data Attributes

data-icl-language

JS Globals

ICanLocalizeiclt_language_selector

Shortcode Output

<div id="lang_sel">

FAQ