Smartcat Translator for WPML Security & Risk Analysis

wordpress.org/plugins/smartcat-wpml

The easiest way to translate your WPML-enabled WordPress site into various languages.

60 active installs v3.1.77 PHP 7.0+ WP 5.3+ Updated Mar 13, 2026
Tags: languages, localization, multilingual, translation, translator
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 10, 2025
Safety Verdict

Is Smartcat Translator for WPML Safe to Use in 2026?

Generally Safe

Score 99/100

Smartcat Translator for WPML has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 10, 2025 · Updated 21d ago
Risk Assessment

The "smartcat-wpml" v3.1.77 plugin exhibits a mixed security posture. On the positive side, output escaping is excellent, with 100% of outputs properly escaped, and 76% of SQL queries use prepared statements. There are no currently unpatched vulnerabilities, which indicates active maintenance. The main concern is the attack surface: of the 16 AJAX handlers identified, 15 lack authentication checks, which creates a substantial entry point for potential attackers. Taint analysis revealed 2 flows with unsanitized paths, though these did not reach critical or high severity in this analysis.

Key Concerns

  • 15 unprotected AJAX handlers
  • 2 unsanitized path taint flows
  • 1 medium severity vulnerability in history
Vulnerabilities: 1

Smartcat Translator for WPML Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-9451 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Smartcat Translator for WPML <= 3.1.72 - Authenticated (Author+) SQL Injection via orderby Parameter

Sep 10, 2025 Patched in 3.1.73 (41d)
Code Analysis
Analyzed Mar 16, 2026

Smartcat Translator for WPML Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 16 (51 prepared)
Unescaped Output: 2 (486 escaped)
Nonce Checks: 9
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

76% prepared · 67 total queries

Output Escaping

100% escaped · 488 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
registerCredentials (includes\Controllers\SettingsController.php:16)
Attack Surface: 15 unprotected

Smartcat Translator for WPML Attack Surface

Entry Points: 16
Unprotected: 15

AJAX Handlers 16

auth · wp_ajax_smartcat_dev_test_html_processor · includes\Services\Development\AjaxHandler.php:20
auth · wp_ajax_smartcat_create_translation_request · includes\SmartcatWpml.php:92
auth · wp_ajax_smartcat_get_translations · includes\SmartcatWpml.php:93
auth · wp_ajax_smartcat_update_source_content · includes\SmartcatWpml.php:94
auth · wp_ajax_smartcat_add_language_to_translation_request · includes\SmartcatWpml.php:95
auth · wp_ajax_smartcat_remove_language · includes\SmartcatWpml.php:96
auth · wp_ajax_smartcat_remove_translation_request · includes\SmartcatWpml.php:97
auth · wp_ajax_smartcat_remove_post_from_translation_request · includes\SmartcatWpml.php:98
auth · wp_ajax_smartcat_translation_request_info · includes\SmartcatWpml.php:99
auth · wp_ajax_smartcat_fetch_projects · includes\SmartcatWpml.php:100
auth · wp_ajax_smartcat_get_translations_by_post_and_locale · includes\SmartcatWpml.php:101
auth · wp_ajax_smartcat_clear_logs · includes\SmartcatWpml.php:102
auth · wp_ajax_smartcat_update_projects_info · includes\SmartcatWpml.php:103
auth · wp_ajax_smartcat_new_secret · includes\SmartcatWpml.php:108
auth · wp_ajax_smartcat_register_credentials · includes\SmartcatWpml.php:109
auth · wp_ajax_smartcat_save_settings · includes\SmartcatWpml.php:110
WordPress Hooks 15
action · admin_enqueue_scripts · includes\SmartcatWpml.php:52
action · admin_enqueue_scripts · includes\SmartcatWpml.php:53
action · admin_menu · includes\SmartcatWpml.php:58
action · add_meta_boxes · includes\SmartcatWpml.php:63
action · plugins_loaded · includes\SmartcatWpml.php:76
action · plugins_loaded · includes\SmartcatWpml.php:77
action · admin_post_smartcat_update_options · includes\SmartcatWpml.php:86
action · admin_post_smartcat_logout · includes\SmartcatWpml.php:87
action · admin_post_smartcat_log_in · includes\SmartcatWpml.php:88
action · admin_post_smartcat_auth_host · includes\SmartcatWpml.php:89
action · rest_api_init · includes\SmartcatWpml.php:126
filter · cron_schedules · includes\SmartcatWpml.php:140
action · admin_notices · includes\SmartcatWpml.php:164
action · admin_notices · includes\SmartcatWpml.php:167
action · admin_notices · includes\SmartcatWpml.php:171
Maintenance & Trust

Smartcat Translator for WPML Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.0
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 60
Developer Profile

Smartcat Translator for WPML Developer Profile

smartcatai

2 plugins · 70 total installs

Trust score: 82
Avg Security Score: 92/100
Avg Patch Time: 41 days
Detection Fingerprints

How We Detect Smartcat Translator for WPML

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smartcat-wpml/assets/css/smartcat-wpml.css
/wp-content/plugins/smartcat-wpml/assets/css/smartcat-ui.css
/wp-content/plugins/smartcat-wpml/assets/js/smartcat-wpml.js
/wp-content/plugins/smartcat-wpml/assets/js/smartcat-ui.js
/wp-content/plugins/smartcat-wpml/assets/img/icon.svg
Script Paths
assets/js/smartcat-wpml.js
assets/js/smartcat-ui.js
Version Parameters
smartcat-wpml?ver=
smartcat-ui?ver=

HTML / DOM Fingerprints

CSS Classes
smartcat-wpml
smartcat-ui
Data Attributes
data-id
data-postid
JS Globals
smartcat_wpml_data
smartcat_get_translation_request_details
smartcat_cancel_translation_request
smartcat_get_translation_statuses
smartcat_get_available_languages
smartcat_show_translation_request_preview