WP-Safety

Phrase TMS Integration for WordPress Security & Risk Analysis

wordpress.org/plugins/memsource-connector

We’re transforming language technology, opening the door to global business so you can reach more people, make deeper connections, and drive growth.

300 active installs v4.7.9 PHP 7.4+ WP 4.9+ Updated Feb 16, 2026
localisationlocalizationphrasetranslationwpml
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 16, 2026
Plugin page Download
Safety Verdict

Is Phrase TMS Integration for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

Phrase TMS Integration for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 16, 2026Updated 1mo ago
Risk Assessment

The memsource-connector plugin v4.7.9 exhibits a mixed security posture. While a significant majority of its SQL queries utilize prepared statements and there are no identified critical or high severity taint flows, several areas raise concerns. The presence of one AJAX handler without authentication checks presents a direct attack vector. Furthermore, the use of the dangerous 'unserialize' function, combined with only 31% of output properly escaped, suggests potential vulnerabilities related to data handling and injection if untrusted data is processed. The plugin's vulnerability history, while showing no currently unpatched CVEs, does indicate a past medium severity vulnerability, which could imply an ongoing risk of such issues if best practices are not consistently maintained. The plugin benefits from a relatively small attack surface and a lack of bundled libraries, but the identified unprotected entry point and the 'unserialize' function are notable weaknesses that require attention.

Key Concerns

  • AJAX handler without authentication check
  • Presence of dangerous unserialize function
  • Low percentage of properly escaped output
  • Vulnerability history with medium severity CVE
Vulnerabilities
1

Phrase TMS Integration for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-12168medium · 4.3Missing Authorization

Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion

Jan 16, 2026 Patched in 4.7.6 (1d)
Code Analysis
Analyzed Mar 16, 2026

Phrase TMS Integration for WordPress Code Analysis

Dangerous Functions
3
Raw SQL Queries
5
39 prepared
Unescaped Output
44
20 escaped
Nonce Checks
2
Capability Checks
2
File Operations
10
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializereturn @unserialize(base64_decode(trim($matches[0][1])));src\Service\CustomFields\CustomFieldsDecodeService.php:67
unserialize$decodedMetaValue = unserialize($metaValue);src\Service\ExternalPlugin\AcfPlugin.php:39
unserialize$elementorData = unserialize($json[1]);src\Service\ExternalPlugin\AcfPlugin.php:58

SQL Query Safety

89% prepared44 total queries

Output Escaping

31% escaped64 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

10 flows10 with unsanitized paths
renderPage (src\Page\AdvancedPage.php:22)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Phrase TMS Integration for WordPress Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 3

authwp_ajax_generate_tokenmemsource.php:62
authwp_ajax_zip_and_email_logmemsource.php:63
authwp_ajax_delete_logmemsource.php:64
WordPress Hooks 29
actionwpmu_new_blogmemsource.php:49
actionplugins_loadedmemsource.php:50
actionadmin_enqueue_scriptsmemsource.php:51
actionnetwork_admin_menumemsource.php:55
actionadmin_menumemsource.php:58
actionadmin_action_save_connector_optionsmemsource.php:65
actionadmin_action_set_debug_modememsource.php:66
actionadmin_action_download_logsmemsource.php:67
actionadmin_action_add_update_short_codememsource.php:68
actionadmin_action_delete_short_codememsource.php:69
actionadmin_action_add_update_blockmemsource.php:70
actionadmin_action_edit_blocksmemsource.php:71
actionadmin_action_delete_blockmemsource.php:72
actionadmin_post_memsource_language_mapping_formmemsource.php:73
actionadmin_post_memsource_content_settings_formmemsource.php:74
actionrest_api_initmemsource.php:75
actiondelete_postmemsource.php:76
actiondelete_post_metamemsource.php:77
actionwpml_translation_updatememsource.php:78
actionregistered_post_typememsource.php:79
actionregistered_taxonomymemsource.php:80
filterplugin_action_linksmemsource.php:81
filterwp_kses_allowed_htmlsrc\Service\Content\AbstractPostService.php:218
filterpre_get_postssrc\Service\FilterService.php:17
filterposts_wheresrc\Service\FilterService.php:25
filterpre_get_postssrc\Utils\PreviewUtils.php:13
filterposts_resultssrc\Utils\PreviewUtils.php:26
filtercomments_opensrc\Utils\PreviewUtils.php:44
filterpings_opensrc\Utils\PreviewUtils.php:45
Maintenance & Trust

Phrase TMS Integration for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 16, 2026
PHP min version7.4
Downloads57K

Community Trust

Rating80/100
Number of ratings4
Active installs300
Alternatives

Phrase TMS Integration for WordPress Alternatives

WPC Simple Translate

WPC Simple Translate

easy-translate

A
100

Translate texts in content, slider, form, gallery, page builders widgets... in different languages. [:en]Hello[:fr]Bonjour[:]

70 No CVEs
GlotPress Notify

GlotPress Notify

glotpress-notify

A
100

notify WordPress users when new GlotPress translations strings are awaiting review

10 No CVEs
Polylang

Polylang

polylang

A
93

Go multilingual in a simple and efficient way. Keep writing posts and taxonomy terms as usual while defining their languages all at once.

800K 3 CVEs
Performant Translations

Performant Translations

performant-translations

A
100

Making internationalization/localization in WordPress faster than ever before.

40K No CVEs
WP Multilang – Translation and Multilingual Plugin

WP Multilang – Translation and Multilingual Plugin

wp-multilang

A
98

Multilingual plugin for WordPress. Go Multilingual in minutes with full WordPress support. Translate your site easily with this localization plugin.

10K 1 CVE
Developer Profile

Phrase TMS Integration for WordPress Developer Profile

Phrase

1 plugin · 300 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Phrase TMS Integration for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/memsource-connector/css/memsource.css/wp-content/plugins/memsource-connector/js/memsource.js/wp-content/plugins/memsource-connector/js/clipboard.min.js
Script Paths
/wp-content/plugins/memsource-connector/js/memsource.js/wp-content/plugins/memsource-connector/js/clipboard.min.js
Version Parameters
memsource-connector/css/memsource.css?ver=memsource-connector/js/memsource.js?ver=memsource-connector/js/clipboard.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
memsource-admin-page
HTML Comments
<!-- memsource admin page -->
Data Attributes
data-memsource-shortcode-id
JS Globals
memsourceAjax
REST Endpoints
/wp-json/memsource/v1
Shortcode Output
[memsource_form]
FAQ

Frequently Asked Questions about Phrase TMS Integration for WordPress