Does Performant Translations have any unpatched vulnerabilities?

No. All known vulnerabilities in Performant Translations have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Performant Translations compatible with WordPress 6.9.4?

According to WordPress.org data, Performant Translations 1.2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Performant Translations compatible with PHP 7.0+?

Performant Translations requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Performant Translations updated?

Performant Translations was last updated on Dec 5, 2025. Frequent updates are generally a positive security signal.

What is Performant Translations's security score?

Performant Translations has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Performant Translations Security & Risk Analysis

wordpress.org/plugins/performant-translations

Making internationalization/localization in WordPress faster than ever before.

40K active installs v1.2.0 PHP 7.0+ WP 6.5+ Updated Dec 5, 2025

i18ninternationalizationlocalizationperformancetranslation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Performant Translations Safe to Use in 2026?

Generally Safe

Score 100/100

Performant Translations has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The performant-translations v1.2.0 plugin demonstrates a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, indicating a minimal attack surface. Furthermore, the code adheres to secure coding practices by exclusively using prepared statements for SQL queries and ensuring all outputs are properly escaped. The lack of dangerous functions and external HTTP requests further reinforces this positive assessment.

The vulnerability history is equally reassuring, with no known CVEs recorded for this plugin. This suggests a history of responsible development and diligent security patching. However, the static analysis does reveal two instances of file operations, which, while not inherently problematic, warrant attention. Without further context, it's impossible to determine if these operations are handled securely, especially concerning potential path traversal or insecure file uploads/downloads.

In conclusion, performant-translations v1.2.0 appears to be a securely developed plugin with a commendable lack of known vulnerabilities and a well-mitigated attack surface. The primary area for potential concern lies in the two file operations, which should be reviewed to ensure they do not introduce any unforeseen risks. Overall, the plugin's security is robust, built on a foundation of good coding practices.

Key Concerns

File operations present (potential risk)

Vulnerabilities

None known

Performant Translations Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Performant Translations Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Performant Translations Attack Surface

Entry Points0

Unprotected0

Maintenance & Trust

Performant Translations Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 5, 2025

PHP min version7.0

Downloads193K

Community Trust

Rating98/100

Number of ratings16

Active installs40K

Alternatives

Performant Translations Alternatives

Preferred Languages

preferred-languages

Choose languages for displaying WordPress in, in order of preference.

2K 1 CVE

Translation Stats

translation-stats

100

Show plugins translation stats on your WordPress install.

20 No CVEs

Translator with Baidu Service

translator-with-baidu-service

Translate your site in many languages with this plugin from JoyBin, Inc. The translating service provider is Baidu.

10 No CVEs

Admin in English

admin-in-english

Admin in English lets you have your administration panel in English, even if the rest of your blog is translated into another language.

1K No CVEs

WOVN.io

wovn-io

100

Localize your website, translate web pages in minutes.

200 No CVEs

Developer Profile

Performant Translations Developer Profile

Pascal Birchler

4 plugins · 53K total installs

100

trust score

Avg Security Score

100/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Performant Translations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/performant-translations/assets/css/admin.css/wp-content/plugins/performant-translations/assets/js/admin.js

Script Paths

/wp-content/plugins/performant-translations/assets/js/admin.js

Version Parameters

performant-translations/assets/css/admin.css?ver=performant-translations/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

performant-translations-settings-page

HTML Comments

Performant Translations SettingsPerformant Translations

Data Attributes

data-performant-translations-key

JS Globals

PerformantTranslationsAdmin

FAQ