Quran multilanguage Text & Audio Security & Risk Analysis

wordpress.org/plugins/quran-text-multilanguage

Quran plugin with 30 languages, 32 reciters, and customizable interface.

600 active installs · v3.0.3 · PHP + WP 3.0.1+ · Updated Mar 13, 2026
audio · islam · multilanguage · muslim · quran
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is Quran multilanguage Text & Audio Safe to Use in 2026?

Generally Safe

Score 98/100

Quran multilanguage Text & Audio has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 7, 2025 · Updated 22d ago

Risk Assessment

The "quran-text-multilanguage" plugin v3.0.3 exhibits a concerning security posture because of its unprotected AJAX handlers. All 10 of its 10 AJAX handlers lack authentication checks, which presents a substantial attack surface for unauthorized actions or data manipulation. The plugin avoids dangerous functions and makes no external HTTP requests, but only 34% of its output is properly escaped and 5 taint flows have unsanitized paths, indicating potential for Cross-Site Scripting (XSS) vulnerabilities if user input is not handled carefully.

The vulnerability history shows 2 known medium-severity CVEs, both Cross-Site Scripting. Both are reported as patched, but the recurrence of XSS suggests a pattern of insufficient input sanitization and output escaping. The plugin has some capability checks and nonce checks, but these are heavily outweighed by the lack of authentication on critical entry points. In conclusion, the plugin has strengths in avoiding dangerous functions and external requests, but the critical weaknesses in AJAX handler authentication and output escaping, coupled with past XSS issues, make it a high-risk plugin that requires immediate attention and remediation.

Key Concerns

  • 10 unprotected AJAX handlers
  • 34% of outputs properly escaped
  • 5 unsanitized path taint flows
  • 2 medium severity CVEs in history
  • SQL queries not always prepared
Vulnerabilities
2

Quran multilanguage Text & Audio Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-47524 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quran multilanguage Text & Audio <= 2.3.23 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 7, 2025 · Patched in 2.3.24 (7d)

CVE-2024-11973 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters

Dec 9, 2024 · Patched in 2.3.22 (1d)

Code Analysis
Analyzed Mar 16, 2026

Quran multilanguage Text & Audio Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 · 1 prepared
Unescaped Output: 135 · 71 escaped
Nonce Checks: 3
Capability Checks: 1
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

34% escaped · 206 total outputs

Data Flows
5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
qtm_load_verses_chunk (inc\functions_quran.php:58)
Attack Surface
10 unprotected

Quran multilanguage Text & Audio Attack Surface

Entry Points: 11
Unprotected: 10

AJAX Handlers 10

auth · wp_ajax_qtm_changesura · quran-text-multilanguage.php:464
nopriv · wp_ajax_qtm_changesura · quran-text-multilanguage.php:465
auth · wp_ajax_qtm_changelanguage · quran-text-multilanguage.php:466
nopriv · wp_ajax_qtm_changelanguage · quran-text-multilanguage.php:467
auth · wp_ajax_qtm_changeprevsura · quran-text-multilanguage.php:468
nopriv · wp_ajax_qtm_changeprevsura · quran-text-multilanguage.php:469
auth · wp_ajax_qtm_changenextsura · quran-text-multilanguage.php:470
nopriv · wp_ajax_qtm_changenextsura · quran-text-multilanguage.php:471
auth · wp_ajax_qtm_load_verses_chunk · quran-text-multilanguage.php:472
nopriv · wp_ajax_qtm_load_verses_chunk · quran-text-multilanguage.php:473

Shortcodes 1

[quran] quran-text-multilanguage.php:485

WordPress Hooks 4

action · admin_menu · quran-text-multilanguage.php:20
action · admin_init · quran-text-multilanguage.php:24
action · wp_enqueue_scripts · quran-text-multilanguage.php:393
action · wp_enqueue_scripts · quran-text-multilanguage.php:461

Maintenance & Trust

Quran multilanguage Text & Audio Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version
Downloads: 28K

Community Trust

Rating: 100/100
Number of ratings: 17
Active installs: 600

Developer Profile

Quran multilanguage Text & Audio Developer Profile

karim42

4 plugins · 760 total installs

Trust score: 92
Avg Security Score: 88/100
Avg Patch Time: 4 days
Detection Fingerprints

How We Detect Quran multilanguage Text & Audio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quran-text-multilanguage/admin/js/jscolor/jscolor.js
