Language Switcher Security & Risk Analysis
wordpress.org/plugins/language-switcherAdd a Language Switcher to Menus, Post Types and Taxonomies.
Is Language Switcher Safe to Use in 2026?
Generally Safe
Score 99/100Language Switcher has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The "language-switcher" v3.8.8 plugin exhibits a mixed security posture. While it has a relatively small attack surface and a good percentage of properly escaped outputs, several critical areas raise concerns. The presence of an unprotected REST API route is a significant vulnerability, allowing unauthorized access and potential manipulation. Furthermore, the static analysis revealed that 100% of SQL queries are not using prepared statements, which is a high risk for SQL injection vulnerabilities, especially when coupled with user-provided input. The vulnerability history, though currently clear of unpatched CVEs, shows a past medium-severity Cross-site Scripting (XSS) vulnerability, indicating that proper input sanitization and output escaping have been areas of weakness in the past. This history, combined with the current lack of nonce and capability checks, suggests a potential for recurring issues if not addressed proactively. The plugin shows strengths in avoiding dangerous functions and file operations, but the unprotected entry points and raw SQL queries necessitate caution.
Key Concerns
- Unprotected REST API route
- Raw SQL queries without prepared statements
- No nonce checks
- No capability checks
- Flows with unsanitized paths
Language Switcher Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting
Language Switcher Release Timeline
Language Switcher Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Language Switcher Attack Surface
REST API Routes 1
Shortcodes 1
WordPress Hooks 26
Maintenance & Trust
Language Switcher Maintenance & Trust
Maintenance Signals
Community Trust
Language Switcher Alternatives
Language Switcher – Polylang for Divi
language-switcher-for-divi-polylang
Language Switcher – Polylang for Divi – Easily add a customizable language switcher to your Divi pages using Polylang.
Language Switcher for Elementor & Polylang
language-switcher-for-elementor-polylang
Easily add a customizable language switcher to your Elementor pages and connect translated Elementor templates using Polylang.
Connect Polylang for Elementor
connect-polylang-elementor
Connect Polylang with Elementor: translated templates, language switcher widget, language visibility conditions and more
Theme and plugin translation for Polylang (TTfP)
theme-translation-for-polylang
Theme and plugin translation using Polylang for WordPress. Extension for Polylang plugin.
Hreflang Manager – Hreflang Implementation for International SEO
hreflang-manager-lite
The Hreflang Manager plugin provides you an easy and reliable method to implement hreflang in WordPress.
Language Switcher Developer Profile
3 plugins · 1K total installs
How We Detect Language Switcher
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/language-switcher/assets/css/settings.css/wp-content/plugins/language-switcher/assets/css/style.css/wp-content/plugins/language-switcher/assets/js/admin-api.js/wp-content/plugins/language-switcher/assets/js/language-switcher.js/wp-content/plugins/language-switcher/assets/js/settings.js/wp-content/plugins/language-switcher/assets/js/widget.js/wp-content/plugins/language-switcher/assets/js/settings.js/wp-content/plugins/language-switcher/assets/js/admin-api.js/wp-content/plugins/language-switcher/assets/js/language-switcher.jslanguage-switcher/assets/css/settings.css?ver=language-switcher/assets/css/style.css?ver=language-switcher/assets/js/admin-api.js?ver=language-switcher/assets/js/language-switcher.js?ver=language-switcher/assets/js/settings.js?ver=language-switcher/assets/js/widget.js?ver=HTML / DOM Fingerprints
lsw-widget-wraplsw_wp_nav_menu_widgetlsw_post_type_widgetlsw_language_switcher_widgetlsw_select_wrap<!-- WPML Integration --><!-- qTranslate Integration --><!-- Polylang Integration --><!-- WPML Language Switcher Integration -->+1 moredata-lsw-post-iddata-lsw-tax-iddata-lsw-term-iddata-lsw-page-iddata-lsw-custom-urllanguageSwitcherSettingslanguageSwitcherAdminApiLanguageSwitcherWidget/wp-json/language-switcher/v1/settings/wp-json/language-switcher/v1/languages[language_switcher][ls][language-switcher-widget]