[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fCfB9-Z_GhCbnnYwGkjEMbblaaPa4EZ-CPQ4OGAjiUt0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":267},"mealingua","Mealingua Posts and Pages Translations","2.0.6.1","RealMag777","https:\u002F\u002Fprofiles.wordpress.org\u002Frealmag777\u002F","\u003Cp>The main purpose of the plugin: translation of WordPress pages and posts on your site by ajax.\u003C\u002Fp>\n\u003Cp>This is necessary for example when the site is mainly intended for an audience speaking the same language as site admin, but still some of the articles should be translated into other languages, for example you are a developer, blogging, but some instructions and descriptions of some product you need to write in several languages.\u003C\u002Fp>\n\u003Cp>Plugin doesn work with translation services! The principle of the creation of translation posts – text created by hands. Lang services are good, but the translation of large text by them looks funny.\u003C\u002Fp>\n\u003Cp>The advantage of this plugin is ease and simplicity. You will not need to install big and heavy plugins only for a few articles.\u003C\u002Fp>\n\u003Cp>Read more here: \u003Ca href=\"https:\u002F\u002Fpluginus.net\u002Fshop\u002Fwordpress-plugins\u002Fmealingua\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fpluginus.net\u002Fshop\u002Fwordpress-plugins\u002Fmealingua\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmHyMLYWdxB4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FgQDBKWmlFjs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is copyright pluginus.net &copy; 2012-2019 with \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> by realmag777.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. See the GNU General Public License for more details.\u003C\u002Fp>\n","The main purpose of the plugin: translation of WordPress pages and posts on your site by ajax.",20,9551,80,3,"2019-06-24T10:10:00.000Z","5.2.24","3.0.0","",[],"http:\u002F\u002Fpluginus.net\u002Fmealingua\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmealingua.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"realmag777",12,188290,82,209,66,"2026-04-04T03:50:39.114Z",[],{"attackSurface":37,"codeSignals":136,"taintFlows":226,"riskAssessment":252,"analyzedAt":266},{"hooks":38,"ajaxHandlers":116,"restRoutes":132,"shortcodes":133,"cronEvents":134,"entryPointCount":135,"unprotectedCount":135},[39,45,49,52,55,58,61,64,68,71,75,79,82,85,89,93,96,100,103,107,112],{"type":40,"name":41,"callback":41,"priority":42,"file":43,"line":44},"action","init",1,"index.php",21,{"type":40,"name":46,"callback":46,"priority":47,"file":43,"line":48},"admin_head",999,22,{"type":40,"name":50,"callback":50,"file":43,"line":51},"wp_head",23,{"type":40,"name":53,"callback":53,"file":43,"line":54},"admin_init",24,{"type":40,"name":56,"callback":56,"file":43,"line":57},"save_post",25,{"type":40,"name":59,"callback":59,"file":43,"line":60},"admin_menu",26,{"type":40,"name":62,"callback":62,"file":43,"line":63},"admin_notices",27,{"type":65,"name":66,"callback":66,"priority":47,"file":43,"line":67},"filter","the_content",29,{"type":65,"name":69,"callback":69,"priority":47,"file":43,"line":70},"the_title",30,{"type":65,"name":72,"callback":73,"priority":47,"file":43,"line":74},"manage_posts_columns","manage_post_posts_columns",128,{"type":40,"name":76,"callback":77,"priority":47,"file":43,"line":78},"manage_posts_custom_column","manage_post_posts_custom_column",129,{"type":65,"name":80,"callback":73,"priority":47,"file":43,"line":81},"manage_pages_columns",131,{"type":40,"name":83,"callback":77,"priority":47,"file":43,"line":84},"manage_pages_custom_column",132,{"type":65,"name":86,"callback":87,"file":43,"line":88},"wp_insert_post_data","default_comments_on",134,{"type":40,"name":90,"callback":90,"priority":91,"file":43,"line":92},"post_row_actions",10,135,{"type":40,"name":94,"callback":90,"priority":91,"file":43,"line":95},"page_row_actions",136,{"type":40,"name":97,"callback":98,"priority":91,"file":43,"line":99},"created_term","term_type_update",693,{"type":40,"name":101,"callback":98,"priority":91,"file":43,"line":102},"edit_term",694,{"type":65,"name":104,"callback":105,"file":43,"line":106},"manage_edit-languages_columns","draw_languages_columns",697,{"type":65,"name":108,"callback":109,"priority":110,"file":43,"line":111},"manage_languages_custom_column","draw_languages_columns_data",5,698,{"type":40,"name":113,"callback":114,"priority":91,"file":43,"line":115},"languages_edit_form_fields","edit_form_fields",700,[117,122,126,130],{"action":118,"nopriv":119,"callback":120,"hasNonce":119,"hasCapCheck":119,"file":43,"line":121},"mealingua_set_default_language",false,"set_default_language",34,{"action":123,"nopriv":119,"callback":124,"hasNonce":119,"hasCapCheck":119,"file":43,"line":125},"mealingua_save_settings","save_settings",35,{"action":127,"nopriv":128,"callback":127,"hasNonce":119,"hasCapCheck":119,"file":43,"line":129},"mealingua_get_post_content",true,36,{"action":127,"nopriv":119,"callback":127,"hasNonce":119,"hasCapCheck":119,"file":43,"line":131},37,[],[],[],4,{"dangerousFunctions":137,"sqlUsage":138,"outputEscaping":141,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":225},[],{"prepared":139,"raw":23,"locations":140},2,[],{"escaped":139,"rawEcho":142,"locations":143},51,[144,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,182,183,184,185,186,187,188,189,190,193,194,196,197,199,200,201,202,203,204,205,206,207,208,210,212,214,215,218,219,220,221,223],{"file":43,"line":145,"context":146},178,"raw output",{"file":43,"line":148,"context":146},202,{"file":43,"line":150,"context":146},246,{"file":43,"line":152,"context":146},256,{"file":43,"line":154,"context":146},266,{"file":43,"line":156,"context":146},275,{"file":43,"line":158,"context":146},296,{"file":43,"line":160,"context":146},300,{"file":43,"line":162,"context":146},328,{"file":43,"line":164,"context":146},545,{"file":43,"line":166,"context":146},623,{"file":43,"line":168,"context":146},649,{"file":43,"line":170,"context":146},660,{"file":43,"line":172,"context":146},674,{"file":43,"line":174,"context":146},722,{"file":43,"line":176,"context":146},729,{"file":43,"line":178,"context":146},744,{"file":180,"line":29,"context":146},"views\\manual\\post_flags_panel.php",{"file":180,"line":29,"context":146},{"file":180,"line":29,"context":146},{"file":180,"line":29,"context":146},{"file":180,"line":51,"context":146},{"file":180,"line":51,"context":146},{"file":180,"line":51,"context":146},{"file":180,"line":51,"context":146},{"file":180,"line":51,"context":146},{"file":180,"line":51,"context":146},{"file":191,"line":192,"context":146},"views\\posts_selector_meta_box.php",18,{"file":191,"line":192,"context":146},{"file":191,"line":195,"context":146},31,{"file":191,"line":195,"context":146},{"file":198,"line":29,"context":146},"views\\post_flags_panel.php",{"file":198,"line":29,"context":146},{"file":198,"line":29,"context":146},{"file":198,"line":29,"context":146},{"file":198,"line":51,"context":146},{"file":198,"line":51,"context":146},{"file":198,"line":51,"context":146},{"file":198,"line":51,"context":146},{"file":198,"line":51,"context":146},{"file":198,"line":51,"context":146},{"file":198,"line":209,"context":146},32,{"file":211,"line":139,"context":146},"views\\post_languages_box.php",{"file":211,"line":213,"context":146},6,{"file":211,"line":213,"context":146},{"file":216,"line":217,"context":146},"views\\settings.php",15,{"file":216,"line":54,"context":146},{"file":216,"line":57,"context":146},{"file":216,"line":129,"context":146},{"file":216,"line":222,"context":146},41,{"file":216,"line":224,"context":146},46,[],[227,244],{"entryPoint":228,"graph":229,"unsanitizedCount":42,"severity":243},"set_default_language (index.php:550)",{"nodes":230,"edges":241},[231,236],{"id":232,"type":233,"label":234,"file":43,"line":235},"n0","source","$_REQUEST['term_id']",552,{"id":237,"type":238,"label":239,"file":43,"line":235,"wp_function":240},"n1","sink","update_option() [Settings Manipulation]","update_option",[242],{"from":232,"to":237,"sanitized":119},"low",{"entryPoint":245,"graph":246,"unsanitizedCount":42,"severity":243},"\u003Cindex> (index.php:0)",{"nodes":247,"edges":250},[248,249],{"id":232,"type":233,"label":234,"file":43,"line":235},{"id":237,"type":238,"label":239,"file":43,"line":235,"wp_function":240},[251],{"from":232,"to":237,"sanitized":119},{"summary":253,"deductions":254},"The mealingua plugin version 2.0.6.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding database interactions by exclusively using prepared statements for its SQL queries, and it has no recorded vulnerability history, suggesting a generally stable and well-maintained codebase. However, significant concerns arise from its attack surface and input sanitization. The presence of four unprotected AJAX handlers represents a substantial entry point for attackers. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential vulnerabilities where user input could be manipulated to execute unintended code or access sensitive information. The exceptionally low percentage of properly escaped output (4%) is another major red flag, suggesting that data displayed to users might be susceptible to cross-site scripting (XSS) attacks.\n\nWhile the absence of known CVEs is a strength, the static analysis findings, particularly the unprotected AJAX endpoints and unsanitized input flows, present immediate risks that outweigh the lack of historical vulnerabilities. The plugin needs urgent attention to secure its AJAX endpoints, implement proper input sanitization for all data flows, and significantly improve its output escaping mechanisms to mitigate XSS risks. Failure to address these issues could lead to serious security breaches despite the plugin's clean CVE record.",[255,257,259,261,264],{"reason":256,"points":217},"Unprotected AJAX handlers",{"reason":258,"points":29},"Unsanitized input paths (taint analysis)",{"reason":260,"points":91},"Low percentage of properly escaped output",{"reason":262,"points":263},"Missing nonce checks on AJAX",8,{"reason":265,"points":263},"Missing capability checks on AJAX","2026-03-16T22:56:14.021Z",{"wat":268,"direct":277},{"assetPaths":269,"generatorPatterns":272,"scriptPaths":273,"versionParams":274},[270,271],"\u002Fwp-content\u002Fplugins\u002Fmealingua\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fmealingua\u002Fjs\u002Fadmin.js",[],[271],[275,276],"mealingua\u002Fcss\u002Fadmin.css?ver=","mealingua\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":278,"htmlComments":279,"htmlAttributes":280,"restEndpoints":282,"jsGlobals":283,"shortcodeOutput":288},[],[],[281],"data-original-post-id",[],[284,285,286,287],"mealingua_lang_settings_saved","mealingua_lang_deflang_changed","mealingua_lang_really_want_change_post_type","mealingua_ajax_object",[]]