WP-Safety

Magic Post Translate Security & Risk Analysis

wordpress.org/plugins/magic-post-translate

Automatic Translate Posts & Pages with Deepl

10 active installs v1.0.1 PHP + WP 5.0+ Updated Jun 22, 2020
apiautomaticdeepltranslatetranslating
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Magic Post Translate Safe to Use in 2026?

Generally Safe

Score 85/100

Magic Post Translate has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The 'magic-post-translate' v1.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively, and has a clean vulnerability history with no known CVEs. The plugin also correctly implements nonce and capability checks in a majority of its interaction points, and avoids file operations and bundled libraries. However, significant concerns arise from its attack surface. One out of three AJAX handlers lacks authentication checks, presenting a direct entry point for unauthorized actions. Furthermore, the taint analysis reveals two flows with unsanitized paths, which, although not classified as critical or high severity, still pose a potential risk if these paths are exposed to user-controlled input. The relatively high percentage of improperly escaped output (47%) also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with unsanitized input flows.

Key Concerns

  • AJAX handler without auth check
  • Flows with unsanitized paths (2)
  • Improperly escaped output (47%)
Vulnerabilities
None known

Magic Post Translate Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Magic Post Translate Release Timeline

v1.0.1Current
v1.0
Code Analysis
Analyzed Mar 17, 2026

Magic Post Translate Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
8
9 escaped
Nonce Checks
2
Capability Checks
5
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

53% escaped17 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
magic_post_translate_bulk_action_handler (magic-post-translate.php:85)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Magic Post Translate Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 3

authwp_ajax_magic_post_translate_save_bulk_editmagic-post-translate.php:64
noprivwp_ajax_get_users_table_datamagic-post-translate.php:67
authwp_ajax_get_users_table_datamagic-post-translate.php:68
WordPress Hooks 13
actionadmin_menumagic-post-translate.php:41
actioninitmagic-post-translate.php:42
filterplugin_action_linksmagic-post-translate.php:44
actionadmin_enqueue_scriptsmagic-post-translate.php:51
actionadd_meta_boxesmagic-post-translate.php:53
actionsave_postmagic-post-translate.php:54
filtercategory_row_actionsmagic-post-translate.php:56
filtermanage_edit-post_columnsmagic-post-translate.php:58
actionmanage_post_posts_custom_columnmagic-post-translate.php:59
filtermanage_edit-posts_sortable_columnsmagic-post-translate.php:60
actionbulk_edit_custom_boxmagic-post-translate.php:62
actionadmin_print_scripts-edit.phpmagic-post-translate.php:63
actionadmin_headmagic-post-translate.php:313
Maintenance & Trust

Magic Post Translate Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedJun 22, 2020
PHP min version
Downloads2K

Community Trust

Rating20/100
Number of ratings1
Active installs10
Alternatives

Magic Post Translate Alternatives

Translate Multilingual sites – TranslatePress

Translate Multilingual sites – TranslatePress

translatepress-multilingual

A
92

Translate your entire site directly from the front-end and go multilingual. Full support for WooCommerce, page builders + Google Translate integration

400K 5 CVEs
Translate WordPress with Weglot – Multilingual AI Translation

Translate WordPress with Weglot – Multilingual AI Translation

weglot

A
98

Translate WordPress sites with automatic AI translation into 110+ languages. Multilingual SEO, WooCommerce compatible, 110k+ sites.

60K 2 CVEs
AI Translation For TranslatePress

AI Translation For TranslatePress

automatic-translate-addon-for-translatepress

A
100

Auto-translate unlimited strings and characters using AI & Machine Translation tools without any external API Key!

10K No CVEs
Linguise – AI Automatic Multilingual Translation

Linguise – AI Automatic Multilingual Translation

linguise

A
100

Linguise is a top-quality automatic AI translation with a front-end translation editor. 5' install, SEO-optimized translations, 85+ languages

1K No CVEs
POEditor

POEditor

poeditor

A
95

This plugin will let you manage your POEditor translations directly from Wordpress via the POEditor API.

600 4 CVEs
Developer Profile

Magic Post Translate Developer Profile

Alexandre Gaboriau

5 plugins · 7K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
315 days
View full developer profile
Detection Fingerprints

How We Detect Magic Post Translate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/magic-post-translate/assets/js/jquery-ui/jquery-ui.css/wp-content/plugins/magic-post-translate/assets/js/generation.js/wp-content/plugins/magic-post-translate/assets/css/admin-style.css
Script Paths
assets/js/jquery-ui/jquery-ui.cssassets/js/generation.jsassets/css/admin-style.css

HTML / DOM Fingerprints

JS Globals
translationJsVars
REST Endpoints
/wp-json/magic-post-translate/v1/translate
FAQ

Frequently Asked Questions about Magic Post Translate