Translate WordPress with Weglot – Multilingual AI Translation Security & Risk Analysis

wordpress.org/plugins/weglot

Translate WordPress sites with automatic AI translation into 110+ languages. Multilingual SEO, WooCommerce compatible, 110k+ sites.

60K active installs · v5.4 · PHP 7.4+ · WP 4.5+ · Updated Mar 2, 2026
Tags: ai-translation, automatic-translation, multilingual, translate, translation
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 29, 2025
Safety Verdict

Is Translate WordPress with Weglot – Multilingual AI Translation Safe to Use in 2026?

Generally Safe

Score 98/100

Translate WordPress with Weglot – Multilingual AI Translation has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 29, 2025 · Updated 1mo ago
Risk Assessment

The Weglot plugin v5.4 presents a mixed security posture. While it demonstrates good practices in SQL query handling and output escaping, with 100% prepared statements and 88% properly escaped outputs, there are concerning areas. The presence of one unprotected AJAX handler represents a significant entry point that could be exploited without proper authentication. This is further highlighted by the taint analysis, which, despite a low volume of flows, reveals two instances of unsanitized paths. Although no critical or high severity taint flows were found, the fact that any unsanitized paths exist is a concern for potential XSS or path traversal vulnerabilities.

The plugin's vulnerability history, with two known medium-severity CVEs (Missing Authorization and Cross-site Scripting), is a significant indicator of past weaknesses. The absence of currently unpatched vulnerabilities is positive, but the recurring types of past vulnerabilities suggest a need for ongoing vigilance in code review and authorization checks. The most recent vulnerability, from late 2025, fits a historical pattern of medium-severity issues and is not a current pressing concern for the analyzed version.

In conclusion, Weglot v5.4 has strengths in its data handling and output sanitization. However, the unprotected AJAX handler and past vulnerability patterns, particularly around authorization and XSS, warrant careful consideration. The plugin is not inherently insecure, but the identified entry point and historical context necessitate robust security monitoring and potentially further code hardening.

Key Concerns

  • Unprotected AJAX handler found
  • Taint flows with unsanitized paths (2 instances)
  • 2 past medium CVEs (Missing Authorization, XSS)
Vulnerabilities: 2

Translate WordPress with Weglot – Multilingual AI Translation Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-10008 · medium · 5.3 · Missing Authorization

Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion

Oct 29, 2025 · Patched in 5.2 (1d)

CVE-2024-2124 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Translate WordPress and go Multilingual – Weglot <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes

Mar 19, 2024 · Patched in 4.2.6 (1d)
Code Analysis
Analyzed Mar 16, 2026

Translate WordPress with Weglot – Multilingual AI Translation Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 49 (352 escaped)
  • Nonce Checks: 3
  • Capability Checks: 3
  • File Operations: 2
  • External Requests: 9
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total query

Output Escaping

88% escaped · 401 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
weglot_save_settings (src\actions\admin\class-options-weglot.php:72)
Attack Surface: 1 unprotected

Translate WordPress with Weglot – Multilingual AI Translation Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_get_user_info · src\actions\admin\class-ajax-user-info.php:33

REST API Routes: 1

GET /wp-json/weglot/v1/cache/purge · src\actions\rest\class-cache-purge-rest-weglot.php:43

Shortcodes: 1

[weglot_switcher] · src\actions\front\class-shortcode-weglot.php:28

WordPress Hooks: 96

action · init · blocks\weglot-menu\weglot-menu.php:26
action · init · blocks\weglot-widget\weglot-widget.php:26
filter · weglot_active_translation · bootstrap.php:154
action · admin_notices · bootstrap.php:166
action · admin_notices · bootstrap.php:170
action · admin_notices · bootstrap.php:172
action · admin_notices · bootstrap.php:179
action · admin_notices · bootstrap.php:183
action · admin_enqueue_scripts · src\actions\admin\class-admin-enqueue-weglot.php:55
action · admin_head · src\actions\admin\class-admin-enqueue-weglot.php:56
action · admin_head-nav-menus.php · src\actions\admin\class-customize-menu-weglot.php:46
action · admin_enqueue_scripts · src\actions\admin\class-customize-menu-weglot.php:47
action · wp_update_nav_menu_item · src\actions\admin\class-customize-menu-weglot.php:48
action · add_meta_boxes · src\actions\admin\class-metabox-url-translate-weglot.php:38
action · add_meta_boxes · src\actions\admin\class-metabox-visual-editor-weglot.php:44
action · admin_head · src\actions\admin\class-metabox-visual-editor-weglot.php:58
action · admin_post_weglot_save_settings · src\actions\admin\class-options-weglot.php:50
action · admin_notices · src\actions\admin\class-options-weglot.php:54
action · admin_menu · src\actions\admin\class-pages-weglot.php:54
action · admin_bar_menu · src\actions\admin\class-pages-weglot.php:55
filter · wp_mail · src\actions\class-email-translate-weglot.php:57
action · widgets_init · src\actions\class-register-widget-weglot.php:24
action · init · src\actions\class-register-widget-weglot.php:25
action · init · src\actions\class-register-widget-weglot.php:26
action · enqueue_block_editor_assets · src\actions\class-register-widget-weglot.php:29
action · wp_enqueue_scripts · src\actions\front\class-front-enqueue-weglot.php:38
action · login_enqueue_scripts · src\actions\front\class-front-enqueue-weglot.php:39
action · wp_footer · src\actions\front\class-front-enqueue-weglot.php:40
filter · style_loader_tag · src\actions\front\class-front-enqueue-weglot.php:41
filter · wp_get_nav_menu_items · src\actions\front\class-front-menu-weglot.php:66
filter · nav_menu_link_attributes · src\actions\front\class-front-menu-weglot.php:67
filter · wp_nav_menu_objects · src\actions\front\class-front-menu-weglot.php:68
filter · comment_post_redirect · src\actions\front\class-redirect-comment.php:24
filter · logout_redirect · src\actions\front\class-redirect-log-user-weglot.php:24
action · pre_get_posts · src\actions\front\class-search-weglot.php:72
filter · get_search_query · src\actions\front\class-search-weglot.php:73
action · init · src\actions\front\class-translate-page-weglot.php:115
action · wp_head · src\actions\front\class-translate-page-weglot.php:116
action · wp_head · src\actions\front\class-translate-page-weglot.php:117
action · wp_enqueue_scripts · src\actions\front\class-translate-page-weglot.php:118
action · wp_head · src\actions\front\class-translate-page-weglot.php:119
action · rest_api_init · src\actions\rest\class-cache-purge-rest-weglot.php:35
filter · upgrader_pre_install · src\helpers\class-helper-rollback-weglot.php:46
filter · upgrader_clear_destination · src\helpers\class-helper-rollback-weglot.php:47
filter · weglot_get_options_from_cdn_cache · src\services\class-option-service-weglot.php:640
filter · final_output · src\services\class-translate-service-weglot.php:74
filter · weglot_parser_whitelist · src\services\class-translate-service-weglot.php:207
action · weglot_render_dom · src\third\amp\class-amp-enqueue-weglot.php:54
filter · cache_enabler_bypass_cache · src\third\cacheenabler\class-cache-enabler-cache.php:51
action · wp_head · src\third\cacheenabler\class-cache-enabler-cache.php:52
filter · caldera_forms_print_translation_strings_in_footer · src\third\calderaforms\class-caldera-i18n-inline.php:39
filter · weglot_add_json_keys · src\third\contactform7\class-contactform7-json-keys.php:43
filter · edd_get_success_page_uri · src\third\edd\class-edd-filter-urls.php:36
filter · edd_get_checkout_uri · src\third\edd\class-edd-filter-urls.php:37
filter · gform_confirmation · src\third\gravityforms\class-gf-filter-urls.php:41
filter · weglot_init · src\third\gravityforms\class-gf-filter-urls.php:42
filter · weglot_autoredirect_only_home · src\third\gravityforms\class-gf-filter-urls.php:76
action · wp_enqueue_scripts · src\third\iubenda\class-iubenda-weglot.php:43
action · wp_head · src\third\iubenda\class-iubenda-weglot.php:44
filter · weglot_tabs_admin_options_available · src\third\maintenance\class-maintenance-tracking.php:46
filter · weglot_html_treat_page · src\third\stackable\class-stackable-translate.php:46
filter · weglot_words_translate · src\third\theeventscalendar\class-theeventscalendar-words.php:44
filter · weglot_tabs_admin_options_available · src\third\underconstructionpage\class-ucp-tracking.php:46
action · wp_footer · src\third\woocommerce\class-wc-cart-reload-weglot.php:52
filter · woocommerce_get_cart_url · src\third\woocommerce\class-wc-filter-urls-weglot.php:60
filter · woocommerce_get_checkout_url · src\third\woocommerce\class-wc-filter-urls-weglot.php:64
filter · woocommerce_get_myaccount_page_permalink · src\third\woocommerce\class-wc-filter-urls-weglot.php:68
filter · woocommerce_payment_successful_result · src\third\woocommerce\class-wc-filter-urls-weglot.php:72
filter · woocommerce_get_checkout_order_received_url · src\third\woocommerce\class-wc-filter-urls-weglot.php:73
action · woocommerce_reset_password_notification · src\third\woocommerce\class-wc-filter-urls-weglot.php:77
action · wp_head · src\third\woocommerce\class-wc-filter-urls-weglot.php:81
filter · woocommerce_login_redirect · src\third\woocommerce\class-wc-filter-urls-weglot.php:83
filter · woocommerce_registration_redirect · src\third\woocommerce\class-wc-filter-urls-weglot.php:87
filter · woocommerce_cart_item_permalink · src\third\woocommerce\class-wc-filter-urls-weglot.php:91
filter · woocommerce_get_cart_page_permalink · src\third\woocommerce\class-wc-filter-urls-weglot.php:99
filter · woocommerce_get_endpoint_url · src\third\woocommerce\class-wc-filter-urls-weglot.php:103
action · woocommerce_new_order · src\third\woocommerce\class-wc-mail-weglot.php:54
action · woocommerce_mail_callback_params · src\third\woocommerce\class-wc-mail-weglot.php:55
filter · weglot_translate_email_languages_forced · src\third\woocommerce\class-wc-mail-weglot.php:96
filter · weglot_translate_email_languages_forced · src\third\woocommerce\class-wc-mail-weglot.php:122
filter · weglot_tabs_admin_options_available · src\third\woocommerce\class-wc-tracking-weglot.php:42
filter · wpo_wcpdf_before_dompdf_render · src\third\woocommercepdf\class-wcpdf-weglot.php:52
filter · wpo_wcpdf_after_mpdf_write · src\third\woocommercepdf\class-wcpdf-weglot.php:53
filter · wpo_can_cache_page · src\third\wpoptimize\class-wp-optimize-cache.php:46
filter · wpestate_datepicker_language · src\third\wprentals\class-wprentals-translate-calendar.php:46
action · send_headers · src\third\wprocket\class-wprocket-cache.php:52
action · admin_notices · weglot.php:95
action · admin_notices · weglot.php:170
action · admin_notices · weglot.php:181
action · admin_notices · weglot.php:192
action · admin_notices · weglot.php:203
filter · rocket_htaccess_mod_rewrite · weglot.php:310
filter · rocket_cache_mandatory_cookies · weglot.php:311
action · admin_post_weglot_rollback · weglot.php:384
action · plugins_loaded · weglot.php:405
action · before_woocommerce_init · weglot.php:416

Maintenance & Trust

Translate WordPress with Weglot – Multilingual AI Translation Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 2, 2026
  • PHP min version: 7.4
  • Downloads: 3.1M

Community Trust

  • Rating: 96/100
  • Number of ratings: 1,919
  • Active installs: 60K

Developer Profile

Translate WordPress with Weglot – Multilingual AI Translation Developer Profile

Weglot Translate Team

1 plugin · 60K total installs

  • Trust score: 99
  • Avg Security Score: 98/100
  • Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Translate WordPress with Weglot – Multilingual AI Translation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/weglot/dist/app.js
  • /wp-content/plugins/weglot/dist/weglot_selector.js
  • /wp-content/plugins/weglot/dist/ Weglot_admin.js
  • /wp-content/plugins/weglot/dist/ wegloT_menu.js

Script Paths

  • /wp-content/plugins/weglot/dist/app.js
  • /wp-content/plugins/weglot/dist/weglot_selector.js
  • /wp-content/plugins/weglot/dist/ Weglot_admin.js
  • /wp-content/plugins/weglot/dist/ wegloT_menu.js

Version Parameters

  • weglot/dist/app.js?ver=
  • weglot/dist/weglot_selector.js?ver=
  • weglot/dist/ Weglot_admin.js?ver=
  • weglot/dist/ wegloT_menu.js?ver=

HTML / DOM Fingerprints

  • CSS Classes: weglot-dropdown, weglot-menu-items
  • Data Attributes: data-weglot
  • JS Globals: weglot_configuration
  • Shortcode Output: [weglot_menu], [weglot_selector]