Monk Security & Risk Analysis

wordpress.org/plugins/monk

Monk is a lightweight translation plugin to make your content reach the world.

10 active installs · v0.7.0 · PHP 5.4+ · WP 4.6+ · Updated Jan 22, 2018
Tags: international, language, multilanguage, multilingual, translation
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Monk Safe to Use in 2026?

Generally Safe

Score 85/100

Monk has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "monk" plugin v0.7.0 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. While the plugin does not appear to have a history of publicly disclosed vulnerabilities, the static analysis reveals several potential weaknesses that could be exploited. The presence of 4 AJAX handlers without authentication checks represents a substantial attack surface that could allow unauthorized actions. Additionally, all 5 SQL queries are executed without prepared statements, making the plugin susceptible to SQL injection vulnerabilities. The taint analysis did not reveal critical or high severity issues with unsanitized paths, which is a positive sign, and the vast majority of output is properly escaped, mitigating XSS risks. However, the lack of robust input validation and authentication on key entry points overshadows these positive aspects.

Key Concerns

  • AJAX handlers without auth checks
  • SQL queries without prepared statements
  • Large attack surface without auth
Vulnerabilities
None known

Monk Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Monk Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (0 prepared)
Unescaped Output: 3 (350 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 5 total queries

Output Escaping

99% escaped · 353 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
monk_canonical_redirection (includes\class-monk-links.php:590)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
4 unprotected

Monk Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

auth wp_ajax_monk_add_attachment_translation includes\class-monk.php:242
auth wp_ajax_monk_set_language_to_elements includes\class-monk.php:250
auth wp_ajax_monk_save_general_form_settings includes\class-monk.php:251
auth wp_ajax_monk_save_options includes\class-monk.php:252

Shortcodes 1

[translation] includes\class-monk.php:253
WordPress Hooks 70
action plugins_loaded includes\class-monk.php:184
filter locale includes\class-monk.php:185
filter query_vars includes\class-monk.php:198
action admin_enqueue_scripts includes\class-monk.php:215
action admin_enqueue_scripts includes\class-monk.php:216
action admin_notices includes\class-monk.php:217
action admin_menu includes\class-monk.php:218
action admin_init includes\class-monk.php:219
action admin_init includes\class-monk.php:220
action admin_footer includes\class-monk.php:221
action admin_footer includes\class-monk.php:222
action add_meta_boxes includes\class-monk.php:223
action save_post includes\class-monk.php:224
action wp_trash_post includes\class-monk.php:225
action before_delete_post includes\class-monk.php:226
action delete_attachment includes\class-monk.php:227
action restrict_manage_posts includes\class-monk.php:228
action restrict_manage_comments includes\class-monk.php:229
filter pre_get_posts includes\class-monk.php:230
filter get_terms_defaults includes\class-monk.php:231
filter comments_clauses includes\class-monk.php:232
filter manage_posts_columns includes\class-monk.php:233
filter manage_pages_columns includes\class-monk.php:234
filter manage_media_columns includes\class-monk.php:235
action manage_posts_custom_column includes\class-monk.php:236
action manage_pages_custom_column includes\class-monk.php:237
action manage_media_custom_column includes\class-monk.php:238
action admin_notices includes\class-monk.php:239
action wp_loaded includes\class-monk.php:240
action edit_attachment includes\class-monk.php:241
filter attachment_fields_to_save includes\class-monk.php:243
filter attachment_fields_to_edit includes\class-monk.php:244
filter wp_delete_file includes\class-monk.php:245
action delete_attachment includes\class-monk.php:246
action current_screen includes\class-monk.php:247
filter pre_get_posts includes\class-monk.php:248
action admin_footer includes\class-monk.php:249
action untrash_post includes\class-monk.php:254
action wp_enqueue_scripts includes\class-monk.php:272
action wp_enqueue_scripts includes\class-monk.php:273
action wp_head includes\class-monk.php:274
action pre_get_posts includes\class-monk.php:275
filter get_terms_defaults includes\class-monk.php:276
filter wp_nav_menu_args includes\class-monk.php:277
filter option_page_on_front includes\class-monk.php:278
action init includes\class-monk.php:314
filter home_url includes\class-monk.php:315
filter day_link includes\class-monk.php:316
filter post_link includes\class-monk.php:317
filter page_link includes\class-monk.php:318
filter term_link includes\class-monk.php:319
filter year_link includes\class-monk.php:320
filter month_link includes\class-monk.php:321
filter author_link includes\class-monk.php:322
filter search_link includes\class-monk.php:323
filter post_type_link includes\class-monk.php:324
filter attachment_link includes\class-monk.php:325
filter post_type_archive_link includes\class-monk.php:326
action get_search_form includes\class-monk.php:327
action template_redirect includes\class-monk.php:328
action rewrite_rules_array includes\class-monk.php:329
action admin_init includes\class-monk.php:330
action get_previous_post_join includes\class-monk.php:331
action get_next_post_join includes\class-monk.php:332
action widgets_init includes\class-monk.php:345
action customize_register includes\class-monk.php:347
action wp_head includes\class-monk.php:348
action created_term includes\class-monk.php:372
action edited_terms includes\class-monk.php:373
action pre_delete_term includes\class-monk.php:374
Maintenance & Trust

Monk Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jan 22, 2018
PHP min version: 5.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Monk Developer Profile

Breno Alves

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Monk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/monk/css/monk-admin.css
/wp-content/plugins/monk/css/monk-widgets.css
/wp-content/plugins/monk/css/monk-flags.css
/wp-content/plugins/monk/js/monk-admin.js
Script Paths
/wp-content/plugins/monk/js/monk-admin.js
Version Parameters
monk-admin.css?ver=
monk-widgets.css?ver=
monk-flags.css?ver=
monk-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
monk-flag
JS Globals
monk
FAQ

Frequently Asked Questions about Monk