Language Translation Security & Risk Analysis

wordpress.org/plugins/language-translate

This plugin is used for language translation.

10 active installs · v1.0.0 · PHP + · WP 3.0+ · Updated Dec 24, 2014
deals, posts, translator, widget
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Language Translation Safe to Use in 2026?

Generally Safe

Score 85/100

Language Translation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "language-translate" v1.0.0 plugin exhibits a concerning security posture primarily due to a lack of proper authentication and output escaping. While the plugin does not use dangerous functions, performs SQL queries using prepared statements, and has no known historical vulnerabilities, these positive aspects are overshadowed by significant risks. The static analysis reveals a substantial attack surface with 16 AJAX handlers lacking authentication checks, presenting a direct avenue for unauthorized actions. Furthermore, the taint analysis indicates 5 flows with unsanitized paths, suggesting potential for injection vulnerabilities if these paths are exposed and exploited through the unprotected AJAX endpoints. The complete absence of output escaping for all 110 identified output points is a critical weakness, making stored cross-site scripting (XSS) attacks highly probable. The lack of nonce checks on AJAX handlers further exacerbates this, allowing attackers to forge requests. Despite the absence of historical CVEs and a clean slate in vulnerability history, the current code presents immediate and severe risks.

Key Concerns

  • 16 AJAX handlers without auth checks
  • 5 unsanitized paths in taint analysis
  • 0% output escaping
  • 0 nonce checks
  • 0 capability checks
Vulnerabilities
None known

Language Translation Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Language Translation Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
110
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
5
External Requests
1
Bundled Libraries
0

Output Escaping

0% escaped · 110 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
lt_translate_order_process (includes\lt-public.php:57)
Attack Surface
16 unprotected

Language Translation Attack Surface

Entry Points: 20
Unprotected: 16

AJAX Handlers 16

auth wp_ajax_lt_load_offer_languages includes\lt-public.php:504
nopriv wp_ajax_lt_load_offer_languages includes\lt-public.php:505
auth wp_ajax_lt_add_text includes\lt-public.php:508
nopriv wp_ajax_lt_add_text includes\lt-public.php:509
auth wp_ajax_lt_clear_file_meta includes\lt-public.php:512
nopriv wp_ajax_lt_clear_file_meta includes\lt-public.php:513
auth wp_ajax_lt_clear_lang_meta includes\lt-public.php:516
nopriv wp_ajax_lt_clear_lang_meta includes\lt-public.php:517
auth wp_ajax_lt_add_languages includes\lt-public.php:520
nopriv wp_ajax_lt_add_languages includes\lt-public.php:521
auth wp_ajax_lt_translate_level includes\lt-public.php:524
nopriv wp_ajax_lt_translate_level includes\lt-public.php:525
auth wp_ajax_lt_change_currency includes\lt-public.php:528
nopriv wp_ajax_lt_change_currency includes\lt-public.php:529
auth wp_ajax_lt_send_email includes\lt-public.php:532
nopriv wp_ajax_lt_send_email includes\lt-public.php:533

Shortcodes 4

[lt_order] includes\lt-shortcode.php:71
[lt_language] includes\lt-shortcode.php:74
[lt_optional] includes\lt-shortcode.php:77
[lt_thankyou] includes\lt-shortcode.php:80
WordPress Hooks 20
action admin_init includes\admin\lt-admin.php:203
action save_post includes\admin\lt-admin.php:206
action admin_init includes\admin\lt-admin.php:209
action admin_menu includes\admin\lt-admin.php:212
action admin_init includes\admin\lt-admin.php:219
action init includes\lt-post-types.php:102
action wp includes\lt-public.php:494
action lt_open_exchange_rates includes\lt-public.php:495
filter template_include includes\lt-public.php:498
action wp includes\lt-public.php:501
filter lt_get_price includes\lt-public.php:536
action admin_enqueue_scripts includes\lt-scripts.php:27
action wp_enqueue_scripts includes\lt-scripts.php:71
action lt_order_content includes\lt-template-hooks.php:12
action lt_language_content includes\lt-template-hooks.php:15
action lt_optional_content includes\lt-template-hooks.php:18
action lt_thankyou_content includes\lt-template-hooks.php:21
action lt_order_widget_content includes\lt-template-hooks.php:24
action widgets_init includes\widgets\class-lt-order.php:6
action init language-translate.php:53

Scheduled Events 2

lt_open_exchange_rates
lt_open_exchange_rates
Maintenance & Trust

Language Translation Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Dec 24, 2014
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Language Translation Developer Profile

eSparkBiz

3 plugins · 210 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect Language Translation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/language-translate/assets/css/language-translate.css
/wp-content/plugins/language-translate/assets/js/language-translate.js
Script Paths
/wp-content/plugins/language-translate/assets/js/language-translate.js
Version Parameters
language-translate/assets/css/language-translate.css?ver=
language-translate/assets/js/language-translate.js?ver=

HTML / DOM Fingerprints

Shortcode Output
[lt_order][/lt_order]
[lt_language][/lt_language]