Does Posts 2 Posts – WPML integration have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Posts 2 Posts – WPML integration compatible with WordPress 3.6.1?

According to WordPress.org data, Posts 2 Posts – WPML integration 1.2.5 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is Posts 2 Posts – WPML integration updated?

Posts 2 Posts – WPML integration was last updated on Dec 24, 2013. Frequent updates are generally a positive security signal.

What is Posts 2 Posts – WPML integration's security score?

Posts 2 Posts – WPML integration has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Posts 2 Posts – WPML integration Security & Risk Analysis

wordpress.org/plugins/p2p-wpml

Integration between WPML and Posts 2 Posts.

100 active installs v1.2.5 PHP + WP 3.5.1+ Updated Dec 24, 2013

icanlocalizep2pposts-to-postssitepresswpml

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Posts 2 Posts – WPML integration Safe to Use in 2026?

Generally Safe

Score 85/100

Posts 2 Posts – WPML integration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The plugin "p2p-wpml" v1.2.5 presents a mixed security posture. On the positive side, static analysis reveals no identified attack surface points that are unprotected, and the plugin exhibits no known vulnerabilities (CVEs) or recorded common vulnerability types. This suggests a generally well-developed plugin with an absence of historical security issues.

However, significant concerns arise from the code signals. The plugin performs SQL queries without using prepared statements, which is a critical security risk that could lead to SQL injection vulnerabilities. Furthermore, a substantial portion of its output is not properly escaped. This lack of output escaping creates a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site. The absence of capability checks and nonce checks on its entry points, although the entry points are currently zero, indicates a potential future risk if the plugin is expanded without implementing these fundamental security measures.

In conclusion, while the plugin's lack of known CVEs and zero attack surface points are strengths, the presence of raw SQL queries and unescaped output are severe weaknesses that demand immediate attention. The plugin's current security is compromised by these coding practices, and it should not be deployed in a production environment until these critical issues are remediated.

Key Concerns

SQL queries not using prepared statements
Output not properly escaped
No capability checks
No nonce checks

Vulnerabilities

None known

Posts 2 Posts – WPML integration Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Posts 2 Posts – WPML integration Release Timeline

v1.2.5Current

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Posts 2 Posts – WPML integration Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

0% escaped5 total outputs

Attack Surface

Posts 2 Posts – WPML integration Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 16

actionadmin_menuadmin.php:14

actionadmin_initadmin.php:22

actioninitp2p-wpml.php:19

actionp2p_initp2p-wpml.php:22

actionadmin_noticesp2p-wpml.php:26

actionplugins_loadedp2p-wpml.php:73

actionp2p_created_connectionsynchronizer.php:10

actionp2p_delete_connectionssynchronizer.php:11

actionedit_postsynchronizer.php:14

actionsave_postsynchronizer.php:17

actionparse_querysynchronizer.php:21

actionadded_p2p_metasynchronizer.php:26

actiondeleted_p2p_metasynchronizer.php:27

actionupdated_p2p_metasynchronizer.php:28

actionadmin_initui\ui.php:5

actionadd_meta_boxesui\ui.php:9

Maintenance & Trust

Posts 2 Posts – WPML integration Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedDec 24, 2013

PHP min version

Downloads9K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Posts 2 Posts – WPML integration Alternatives

WP Editor Widget

wp-editor-widget

WP Editor Widget adds a rich text widget where the content is edited using the standard WordPress visual editor.

10K No CVEs

WPML Widgets

wpml-widgets

WPML Widgets is a simple to use extension to add a language selector dropdown to your widgets.

10K No CVEs

WPML Multilingual for BuddyPress and BuddyBoss

buddypress-multilingual

100

WPML Multilingual for BuddyPress and BuddyBoss allows BuddyPress and BuddyBoss sites to run fully multilingual using the WPML plugin.

7K No CVEs

Simple Yearly Archive

simple-yearly-archive

100

Simple Yearly Archive is a rather neat and simple Wordpress plugin that allows you to display your archives in a year-based list.

6K 1 CVE

WPML to Polylang

wpml-to-polylang

Import multilingual data from WPML into Polylang.

6K No CVEs

Developer Profile

Posts 2 Posts – WPML integration Developer Profile

lencinhaus

2 plugins · 110 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Posts 2 Posts – WPML integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/p2p-wpml/ui/ui.js

Script Paths

ui.js

Version Parameters

p2p-wpml-admin

HTML / DOM Fingerprints

FAQ