Ray Enterprise Translation Security & Risk Analysis

wordpress.org/plugins/lingotek-translation

Convenient cloud-based localization and translation for WordPress.

10K active installs · v1.7.2 · PHP + WP 3.8+ · Updated Jan 28, 2026
Tags: automation, bilingual, international, language, lingotek
Score: 65 (C · Use Caution)
CVEs total: 4
Unpatched: 1
Last CVE: Sep 5, 2025

Safety Verdict

Is Ray Enterprise Translation Safe to Use in 2026?

Use With Caution

Score 65/100

Ray Enterprise Translation has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

4 known CVEs · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 2mo ago

Risk Assessment

The Lingotek Translation plugin (v1.7.2) exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices with a high percentage of prepared SQL statements and properly escaped output, significant concerns remain. The presence of two unprotected AJAX handlers significantly increases the attack surface, as these can be exploited without proper authentication, potentially leading to unauthorized actions. The taint analysis, while reporting no critical or high severity issues, does indicate a concerning number of flows with unsanitized paths, which could be a precursor to vulnerabilities if input validation is not robust.

The plugin's vulnerability history is a major red flag. With four known CVEs, including one critical and one high severity, and a currently unpatched critical vulnerability, the plugin has a history of severe security flaws. The common types of vulnerabilities (Missing Authorization, PHP Remote File Inclusion, Cross-site Scripting) suggest recurring issues with input sanitization, authorization checks, and secure file handling. This pattern, coupled with the unprotected AJAX endpoints, indicates a persistent need for more rigorous security auditing and patching.

Overall, while the codebase shows some positive security indicators, the documented history of critical vulnerabilities and the presence of unprotected entry points necessitate a cautious approach. The ongoing unpatched critical vulnerability is the most pressing concern, and the potential for exploitation of unprotected AJAX handlers warrants immediate attention.

Key Concerns

  • Currently unpatched critical vulnerability
  • Unprotected AJAX handlers present
  • High number of flows with unsanitized paths
  • Critical severity vulnerability in history
  • High severity vulnerability in history
  • Vulnerabilities related to Missing Authorization
  • Vulnerabilities related to PHP Remote File Inclusion
  • Vulnerabilities related to Cross-site Scripting
  • Dangerous function 'unserialize' used

Vulnerabilities: 4

Ray Enterprise Translation Security Vulnerabilities

CVEs by Year

  • 2016: 1 CVE
  • 2025: 3 CVEs (has unpatched)

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 2

4 total CVEs

CVE-2025-58785 · medium · 6.5 · Missing Authorization

Ray Enterprise Translation <= 1.7.1 - Missing Authorization

Sep 5, 2025 · Unpatched

CVE-2025-60076 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Ray Enterprise Translation <= 1.7.1 - Unauthenticated Local File Inclusion

Aug 30, 2025 · Patched in 1.7.2 (154d)

CVE-2025-31030 · critical · 9.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Ray Enterprise Translation <= 1.7.0 - Unauthenticated Local File Inclusion

Apr 10, 2025 · Patched in 1.7.1 (118d)

WF-4fbeee29-751a-48c9-a875-393441f62dde-lingotek-translation · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Lingotek Translation <= 1.1.8 - Cross-Site Scripting

Jun 20, 2016 · Patched in 1.1.9 (2773d)

Code Analysis
Analyzed Mar 16, 2026

Ray Enterprise Translation Code Analysis

  • Dangerous Functions: 7
  • Raw SQL Queries: 3 (19 prepared)
  • Unescaped Output: 37 (807 escaped)
  • Nonce Checks: 42
  • Capability Checks: 26
  • File Operations: 6
  • External Requests: 5
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · $desc_arr = unserialize( $term->description ); · admin\utilities.php:96
  • unserialize · $this->desc_array = unserialize( $term->description ); · include\group.php:38
  • unserialize · $d = unserialize( $d ); · include\group.php:72
  • unserialize · $group = unserialize( $group ); · include\model.php:703
  • unserialize · $group = unserialize( $group ); · include\model.php:785
  • unserialize · $group = unserialize( $group ); · include\model.php:903
  • unserialize · $group = unserialize( $group ); · include\model.php:936

Bundled Libraries

Select2

SQL Query Safety

86% prepared · 22 total queries

Output Escaping

96% escaped · 844 total outputs

Data Flows: 6 unsanitized

Data Flow Analysis

12 flows · 6 with unsanitized paths

ajax_utility_disassociate (admin\utilities.php:153)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface: 2 unprotected

Ray Enterprise Translation Attack Surface

Entry Points: 9
Unprotected: 2

AJAX Handlers: 9

  • auth · wp_ajax_estimate_cost · admin\actions.php:248
  • auth · wp_ajax_request_professional_translation · admin\actions.php:249
  • auth · wp_ajax_get_user_payment_information · admin\actions.php:250
  • auth · wp_ajax_get_ltk_terms_and_conditions · admin\actions.php:251
  • auth · wp_ajax_get_current_status · admin\admin.php:37
  • auth · wp_ajax_lingotek_authorization_action · admin\admin.php:40
  • auth · wp_ajax_lingotek_progress_disassociate · admin\utilities.php:22
  • auth · wp_ajax_lingotek_progress_disassociate_and_delete · admin\utilities.php:23
  • auth · wp_ajax_lingotek_progress_cancel · admin\utilities.php:24

WordPress Hooks: 65

  • action · admin_enqueue_scripts · admin\actions.php:246
  • action · admin_enqueue_scripts · admin\admin.php:25
  • action · admin_menu · admin\admin.php:31
  • action · load-translation_page_lingotek-translation_manage · admin\admin.php:33
  • filter · set-screen-option · admin\admin.php:34
  • action · network_admin_menu · admin\admin.php:39
  • action · edit_attachment · admin\filters-media.php:27
  • action · add_attachment · admin\filters-media.php:29
  • action · post_updated · admin\filters-post.php:47
  • action · trashed_post · admin\filters-post.php:50
  • action · untrashed_post · admin\filters-post.php:51
  • filter · manage_posts_columns · admin\filters-post.php:53
  • action · manage_posts_custom_column · admin\filters-post.php:54
  • filter · manage_pages_columns · admin\filters-post.php:56
  • action · manage_pages_custom_column · admin\filters-post.php:57
  • action · parse_query · admin\filters-post.php:60
  • action · edit_form_top · admin\filters-post.php:75
  • action · edit_terms · admin\filters-term.php:34
  • action · edited_term · admin\filters-term.php:35
  • filter · post_row_actions · admin\post-actions.php:20
  • filter · page_row_actions · admin\post-actions.php:22
  • filter · media_row_actions · admin\post-actions.php:23
  • filter · bulk_actions-edit-post · admin\post-actions.php:26
  • filter · bulk_actions-edit-page · admin\post-actions.php:27
  • action · load-edit.php · admin\post-actions.php:42
  • action · load-upload.php · admin\post-actions.php:43
  • action · load-edit.php · admin\post-actions.php:46
  • action · add_meta_boxes · admin\post-actions.php:49
  • action · save_post · admin\post-actions.php:50
  • action · admin_notices · admin\post-actions.php:130
  • action · updated_option · admin\string-actions.php:17
  • action · load-edit-tags.php · admin\term-actions.php:24
  • action · admin_enqueue_scripts · admin\utilities.php:21
  • filter · safe_style_css · admin\workflows\workflow.php:274
  • filter · request · include\callback.php:23
  • filter · content_save_pre · include\group-post.php:520
  • filter · content_filtered_save_pre · include\group-post.php:521
  • action · pre_post_update · include\group-term.php:138
  • filter · set_pre_term_name · include\group-term.php:139
  • filter · set_pre_term_slug · include\group-term.php:140
  • action · create_term · include\group-term.php:141
  • action · edit_term · include\group-term.php:142
  • action · pre_post_update · include\model.php:330
  • filter · pre_term_name · include\model.php:331
  • filter · pre_term_slug · include\model.php:332
  • action · create_term · include\model.php:333
  • action · edit_term · include\model.php:334
  • action · init · include\plugins-compat.php:15
  • action · admin_init · include\plugins-compat.php:29
  • action · admin_enqueue_scripts · include\pointer.php:31
  • action · admin_print_footer_scripts · include\pointer.php:48
  • filter · pll_model · lingotek.php:292
  • filter · pll_model · lingotek.php:299
  • action · init · lingotek.php:300
  • action · admin_init · lingotek.php:301
  • filter · pll_languages_list · lingotek.php:304
  • filter · pll_flag_title · lingotek.php:307
  • action · init · lingotek.php:311
  • action · init · lingotek.php:313
  • action · plugins_loaded · lingotek.php:320
  • action · init · lingotek.php:327
  • action · elementor/editor/after_save · lingotek.php:330
  • action · admin_notices · lingotek.php:380
  • action · all_admin_notices · lingotek.php:744
  • action · all_admin_notices · lingotek.php:746

Maintenance & Trust

Ray Enterprise Translation Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 28, 2026
PHP min version
Downloads: 1.3M

Community Trust

Rating: 52/100
Number of ratings: 48
Active installs: 10K

Developer Profile

Ray Enterprise Translation Developer Profile

jbhovik

1 plugin · 10K total installs

Trust score: 55
Avg Security Score: 65/100
Avg Patch Time: 1015 days
Detection Fingerprints

How We Detect Ray Enterprise Translation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/lingotek-translation/assets/css/lingotek-admin.css
  • /wp-content/plugins/lingotek-translation/assets/js/lingotek-admin.js
  • /wp-content/plugins/lingotek-translation/assets/js/lingotek-modal.js
Script Paths
  • /wp-content/plugins/lingotek-translation/assets/js/lingotek-admin.js
  • /wp-content/plugins/lingotek-translation/assets/js/lingotek-modal.js
Version Parameters
  • lingotek-translation/assets/css/lingotek-admin.css?ver=
  • lingotek-translation/assets/js/lingotek-admin.js?ver=
  • lingotek-translation/assets/js/lingotek-modal.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • lingotek-failed-color
Data Attributes
  • data-lingotek-modal-trigger
JS Globals
  • lingotekTranslation
  • lingotekModal