Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher Security & Risk Analysis

wordpress.org/plugins/multilanguage

The ultimate WordPress translation solution with built-in language translator. Create multilingual content, switch languages, and translate your entir …

3K active installs · v1.5.2 · PHP + · WP 6.4+ · Updated Jan 14, 2026
Tags: language-switcher, language-translator, multilanguage-wordpress, translate-wordpress, wordpress-translation-plugin
76
B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Jan 15, 2026
Safety Verdict

Is Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher Safe to Use in 2026?

Mostly Safe

Score 76/100

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Jan 15, 2026 · Updated 2mo ago
Risk Assessment

The "multilanguage" plugin v1.5.2 exhibits a mixed security posture. On the positive side, the static analysis reveals a strong adherence to secure coding practices, with a high percentage of SQL queries using prepared statements and output being properly escaped. The plugin also demonstrates a good number of nonce and capability checks, indicating an effort to protect against common WordPress vulnerabilities. The total entry points are relatively low, and importantly, none are reported as unprotected in the static analysis.

However, several concerns emerge from the analysis. The presence of four high-severity taint flows with unsanitized paths is a significant red flag, suggesting potential vulnerabilities in how user input is handled. Furthermore, the plugin has a history of known vulnerabilities, including two CVEs, with one still unpatched. The types of past vulnerabilities (Missing Authorization and Cross-site Scripting) are concerning and align with the identified taint flows, indicating recurring security weaknesses. While the current version appears to have addressed some of these issues, the unpatched CVE and the high-severity taint flows warrant immediate attention.

In conclusion, while "multilanguage" v1.5.2 has implemented several good security practices, the unpatched CVE and the high-severity taint flows represent critical risks that could be exploited. The historical pattern of vulnerabilities suggests a need for more robust security auditing and patching processes within the plugin's development lifecycle. Users should be cautious until these issues are fully addressed and remediated.

Key Concerns

  • Unpatched CVE
  • High severity taint flows (4)
  • Vulnerability history: Common types (Auth/XSS)
Vulnerabilities
2

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher Security Vulnerabilities

CVEs by Year

1 CVE in 2017
1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2026-24598 · medium · 4.3 · Missing Authorization

Multilanguage by BestWebSoft <= 1.5.2 - Missing Authorization

Jan 15, 2026 · Unpatched

WF-78f04982-7f42-4c10-9fad-2584a26a4c79-multilanguage · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multilanguage by BestWebSoft < 1.2.3 - Reflected Cross-Site Scripting

Apr 12, 2017 · Patched in 1.2.3 (2477d)
Code Analysis
Analyzed Mar 16, 2026

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (63 prepared)
Unescaped Output: 22 (691 escaped)
Nonce Checks: 28
Capability Checks: 5
File Operations: 2
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

90% prepared · 70 total queries

Output Escaping

97% escaped · 713 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

12 flows · 4 with unsanitized paths
bws_add_menu_render (bws_menu\bws_menu.php:18)
Attack Surface

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1466
auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:433
auth · wp_ajax_mltlngg_ajax_callback · multilanguage.php:3928

Shortcodes 1

[multilanguage_switcher] · multilanguage.php:3873
WordPress Hooks 70
filter · load_textdomain_mofile · bws_menu\bws_functions.php:43
filter · mce_external_plugins · bws_menu\bws_functions.php:1146
filter · mce_buttons · bws_menu\bws_functions.php:1147
action · admin_init · bws_menu\bws_functions.php:1433
action · admin_enqueue_scripts · bws_menu\bws_functions.php:1434
action · admin_head · bws_menu\bws_functions.php:1435
action · admin_footer · bws_menu\bws_functions.php:1436
action · admin_notices · bws_menu\bws_functions.php:1438
action · wp_enqueue_scripts · bws_menu\bws_functions.php:1440
action · load-multilanguage_page_multilanguage-languages · includes\table.php:259
filter · woocommerce_ajax_get_endpoint · multilanguage.php:99
action · wp_update_nav_menu_item · multilanguage.php:169
filter · locale · multilanguage.php:608
filter · locale · multilanguage.php:612
filter · fcbkbttn_meta_title · multilanguage.php:1061
filter · fcbkbttn_meta_description · multilanguage.php:1062
filter · aioseo_description · multilanguage.php:1065
filter · aioseop_description · multilanguage.php:1066
filter · aioseop_opengraph_placeholder · multilanguage.php:1067
filter · wpseo_opengraph_title · multilanguage.php:1071
filter · wpseo_opengraph_desc · multilanguage.php:1072
filter · wpseo_title · multilanguage.php:1073
filter · wpseo_metadesc · multilanguage.php:1074
action · admin_footer-widgets.php · multilanguage.php:1464
action · save_post · multilanguage.php:2116
action · the_editor_content · multilanguage.php:2795
action · wpmu_new_blog · multilanguage.php:3853
action · delete_blog · multilanguage.php:3854
action · plugins_loaded · multilanguage.php:3856
action · generate_rewrite_rules · multilanguage.php:3859
filter · query_vars · multilanguage.php:3860
action · admin_menu · multilanguage.php:3862
action · init · multilanguage.php:3863
action · admin_init · multilanguage.php:3864
action · current_screen · multilanguage.php:3865
filter · language_attributes · multilanguage.php:3866
action · wp_head · multilanguage.php:3867
action · admin_enqueue_scripts · multilanguage.php:3868
action · wp_enqueue_scripts · multilanguage.php:3869
action · widgets_init · multilanguage.php:3870
filter · taxonomy_labels_post_tag · multilanguage.php:3871
filter · home_url · multilanguage.php:3876
action · edit_form_top · multilanguage.php:3883
filter · title_edit_pre · multilanguage.php:3884
filter · excerpt_edit_pre · multilanguage.php:3885
filter · vc_hooks_vc_post_settings · multilanguage.php:3887
action · edit_form_after_title · multilanguage.php:3889
action · edit_form_after_editor · multilanguage.php:3890
action · save_post · multilanguage.php:3892
action · deleted_post · multilanguage.php:3893
filter · body_class · multilanguage.php:3896
filter · the_title · multilanguage.php:3899
filter · single_post_title · multilanguage.php:3900
filter · wp_get_nav_menu_items · multilanguage.php:3901
filter · the_content · multilanguage.php:3902
filter · get_terms · multilanguage.php:3903
filter · get_the_terms · multilanguage.php:3904
filter · get_term · multilanguage.php:3905
filter · get_pagenum_link · multilanguage.php:3906
filter · author_link · multilanguage.php:3907
filter · get_the_excerpt · multilanguage.php:3908
filter · set-screen-option · multilanguage.php:3910
filter · posts_join · multilanguage.php:3913
filter · posts_where · multilanguage.php:3914
filter · bwsplgns_get_pdf_print_content · multilanguage.php:3917
filter · bwsplgns_get_pdf_print_title · multilanguage.php:3918
filter · bws_shortcode_button_content · multilanguage.php:3921
filter · plugin_action_links · multilanguage.php:3924
filter · plugin_row_meta · multilanguage.php:3925
action · admin_notices · multilanguage.php:3930
Maintenance & Trust

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 14, 2026
PHP min version
Downloads: 269K

Community Trust

Rating: 76/100
Number of ratings: 92
Active installs: 3K
Developer Profile

Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher Developer Profile

bestwebsoft

17 plugins · 207K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 1729 days
Detection Fingerprints

How We Detect Multilanguage by BestWebSoft – WordPress Translation Plugin and Language Switcher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multilanguage/css/style.css
/wp-content/plugins/multilanguage/js/frontend.js
/wp-content/plugins/multilanguage/js/admin.js
/wp-content/plugins/multilanguage/css/admin.css
/wp-content/plugins/multilanguage/js/custom_fields.js
/wp-content/plugins/multilanguage/js/multilanguage_admin_filters.js
Script Paths
/wp-content/plugins/multilanguage/js/frontend.js
/wp-content/plugins/multilanguage/js/admin.js
/wp-content/plugins/multilanguage/js/custom_fields.js
/wp-content/plugins/multilanguage/js/multilanguage_admin_filters.js
Version Parameters
multilanguage/css/style.css?ver=
multilanguage/js/frontend.js?ver=
multilanguage/js/admin.js?ver=
multilanguage/css/admin.css?ver=
multilanguage/js/custom_fields.js?ver=
multilanguage/js/multilanguage_admin_filters.js?ver=

HTML / DOM Fingerprints

CSS Classes
mltlngg-select-language
HTML Comments
© Copyright 2021 BestWebSoft ( https://support.bestwebsoft.com )
pls pls
/* After rest-api apdate */
Data Attributes
data-mltlngg-id
JS Globals
mltlngg_frontend
mltlngg_vars
mltlngg_custom_fields
mltlngg_shortcode_init
mltlngg_add_menu_items
REST Endpoints
/wp-json/mltlngg/
Shortcode Output
[mltlngg_language_switcher]