Translation Detector Security & Risk Analysis

wordpress.org/plugins/translation-detector

Translation detector display a simple button to navigate to a post translation created with polylang.

20 active installs v1.3.5 PHP + WP 3.7+ Updated Apr 11, 2016
detectorlanguagepolylangposttranslation
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Translation Detector Safe to Use in 2026?

Generally Safe

Score 85/100

Translation Detector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The 'translation-detector' plugin v1.3.5 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no raw SQL queries, and no external HTTP requests, which are good indicators. The absence of known vulnerabilities in its history is also a strength. However, a significant concern arises from the complete lack of output escaping for all 14 identified output points. This presents a considerable risk of Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is ever rendered directly on the page. While the attack surface is small and appears to have no unprotected entry points, the lack of proper output sanitization is a critical oversight that diminishes the overall security of the plugin. The plugin's vulnerability history being clean thus far might be due to its limited functionality or the fact that its potential weaknesses haven't been actively exploited or discovered.

Key Concerns

  • 0% of outputs properly escaped
Vulnerabilities
None known

Translation Detector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Translation Detector Release Timeline

v1.3.5Current
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Translation Detector Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped14 total outputs
Attack Surface

Translation Detector Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[translations-links-generation] translation-detector-functions.php:67
[translations-style-generation] translation-detector-functions.php:167
WordPress Hooks 7
actionadmin_enqueue_scriptstranslation-detector-admin.php:12
filterpll_get_stringstranslation-detector-admin.php:30
actionadmin_menutranslation-detector-admin.php:40
actionadmin_inittranslation-detector-admin.php:56
filterthe_contenttranslation-detector-functions.php:26
actioninittranslation-detector.php:59
filterplugin_row_metatranslation-detector.php:84
Maintenance & Trust

Translation Detector Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedApr 11, 2016
PHP min version
Downloads4K

Community Trust

Rating74/100
Number of ratings3
Active installs20
Developer Profile

Translation Detector Developer Profile

Guillaume DIARD

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Translation Detector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/translation-detector/js/translation-detector.js
Script Paths
/wp-content/plugins/translation-detector/js/translation-detector.js

HTML / DOM Fingerprints

Data Attributes
name="tdfp_settings[text]"name="tdfp_settings[color]"name="tdfp_settings[background]"name="tdfp_settings[hover]"class="color-field"name="tdfp_settings[select_display]"+1 more
JS Globals
tdfp_admin_color_picker
FAQ

Frequently Asked Questions about Translation Detector