Pure PHP Localization Security & Risk Analysis

wordpress.org/plugins/pure-php-localization

Converts gettext binary message catalogs to an array of strings.

100 active installs · v0.6.1 · PHP + · WP 2.1+ · Updated Apr 27, 2012
Tags: l10n, memory, optimization, php, translations
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pure PHP Localization Safe to Use in 2026?

Generally Safe

Score 85/100

Pure PHP Localization has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago

Risk Assessment

The 'pure-php-localization' plugin v0.6.1 exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs in its history is a significant positive indicator, suggesting a history of stable and secure development. Furthermore, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and ensuring all outputs are properly escaped, mitigating common web vulnerabilities.

However, two areas warrant attention. The plugin calls `create_function`, which is deprecated and builds a function from a string of PHP code at runtime, so it can execute arbitrary PHP if that string is not handled with extreme care. No taint flows were detected in this analysis, but the potential for misuse of this function remains. Additionally, the plugin performs several file operations, and the analysis found no capability checks or nonce protections on its entry points. Although the metrics report an attack surface of zero, file operations without authorization checks could become a vector if an indirect entry point exists that the analysis did not capture.

In conclusion, 'pure-php-localization' v0.6.1 benefits from a clean vulnerability history and sound data handling practices. The primary risks stem from the use of a deprecated function and the potential exposure of file operations without robust authorization. Addressing these specific points would further solidify its security.

Key Concerns

  • Use of dangerous function: create_function
  • File operations without explicit auth checks
Vulnerabilities
None known

Pure PHP Localization Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pure PHP Localization Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 6
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • create_function: `$select_plural_form = create_function('$n', $func_body);` (gettext-filters.php:103)

Attack Surface

Pure PHP Localization Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11

  • filter: gettext (gettext-filters.php:38)
  • filter: gettext_with_context (gettext-filters.php:56)
  • filter: ngettext (gettext-filters.php:124)
  • filter: ngettext_with_context (gettext-filters.php:141)
  • action: update_option_active_plugins (pure-php-localization.php:91)
  • action: update_option_template (pure-php-localization.php:92)
  • filter: load_textdomain_mofile (pure-php-localization.php:148)
  • filter: override_load_textdomain (pure-php-localization.php:160)
  • filter: locale (pure-php-localization.php:218)
  • action: shutdown (pure-php-localization.php:248)
  • action: plugins_loaded (pure-php-localization.php:252)

Maintenance & Trust

Pure PHP Localization Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.5
Last updated: Apr 27, 2012
PHP min version
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 100

Developer Profile

Pure PHP Localization Developer Profile

Sergey Biryukov

23 plugins · 313K total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pure PHP Localization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
