Does WP e-Commerce Multilingual have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP e-Commerce Multilingual compatible with WordPress 3.3.2?

According to WordPress.org data, WP e-Commerce Multilingual 0.2 has been tested up to WordPress 3.3.2. Check the plugin's changelog for the latest compatibility information.

How often is WP e-Commerce Multilingual updated?

WP e-Commerce Multilingual was last updated on Dec 31, 2011. Frequent updates are generally a positive security signal.

What is WP e-Commerce Multilingual's security score?

WP e-Commerce Multilingual has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP e-Commerce Multilingual Security & Risk Analysis

wordpress.org/plugins/wp-e-commerce-multilingual

Allows running complete multilingual e-commerce sites using the WP E-Commerce and WPML.

10 active installs v0.2 PHP + WP 3.0+ Updated Dec 31, 2011

ecommercemultilingual

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP e-Commerce Multilingual Safe to Use in 2026?

Generally Safe

Score 85/100

WP e-Commerce Multilingual has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The 'wp-e-commerce-multilingual' plugin v0.2 exhibits a mixed security posture. While the static analysis indicates a seemingly small attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events directly exposed without authentication, this is overshadowed by significant code-level concerns. The presence of the `unserialize` function is a critical red flag, especially in conjunction with a high number of unsanitized taint flows. The fact that 100% of SQL queries are not using prepared statements is also a serious risk, making the plugin highly susceptible to SQL injection vulnerabilities. The lack of capability checks and nonce checks further amplifies these risks by not enforcing proper authorization or preventing CSRF attacks. The plugin's vulnerability history is clean, with no recorded CVEs. This might suggest that the plugin has not been widely targeted or that previous versions did not contain exploitable flaws. However, the current static analysis findings present a substantial theoretical risk that could be easily exploited if an attacker can control the input to the `unserialize` function or the SQL queries. The absence of known vulnerabilities should not be mistaken for current security, given the identified critical code signals.

Key Concerns

Unsanitized taint flows (High severity)
Dangerous function: unserialize
SQL queries without prepared statements
No nonce checks
No capability checks
Unescaped output detected

Vulnerabilities

None known

WP e-Commerce Multilingual Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP e-Commerce Multilingual Release Timeline

v0.2Current

v0.1

Code Analysis

Analyzed Mar 16, 2026

WP e-Commerce Multilingual Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$wpsc_cookie = unserialize(urldecode($_COOKIE['wpsc_multilingual']));wp-e-commerce-multilingual.class.php:183

SQL Query Safety

0% prepared2 total queries

Output Escaping

50% escaped2 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

set_user_language (wp-e-commerce-multilingual.class.php:173)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP e-Commerce Multilingual Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 23

actionplugins_loadedplugin.php:14

actionadmin_noticesplugin.php:17

actioninitwp-e-commerce-multilingual.class.php:13

filterpre_option_shopping_cart_urlwp-e-commerce-multilingual.class.php:20

filterpre_option_product_list_urlwp-e-commerce-multilingual.class.php:21

filterpre_option_checkout_urlwp-e-commerce-multilingual.class.php:22

filterpre_option_transact_urlwp-e-commerce-multilingual.class.php:23

filterpre_option_user_account_urlwp-e-commerce-multilingual.class.php:24

actioninitwp-e-commerce-multilingual.class.php:26

actiontemplate_redirectwp-e-commerce-multilingual.class.php:27

filterwpsc_product_permalinkwp-e-commerce-multilingual.class.php:31

actioninitwp-e-commerce-multilingual.class.php:34

actionadmin_print_scriptswp-e-commerce-multilingual.class.php:37

filterwpsc_downloads_metaboxwp-e-commerce-multilingual.class.php:39

filterpre_get_postswp-e-commerce-multilingual.class.php:43

filterwpsc_add_to_cart_product_idwp-e-commerce-multilingual.class.php:52

filterwpsc_cart_item_namewp-e-commerce-multilingual.class.php:58

filterwpsc_cart_item_urlwp-e-commerce-multilingual.class.php:59

filterwpec_get_the_post_id_by_shortcodewp-e-commerce-multilingual.class.php:62

filterwpsc_cart_log_product_namewp-e-commerce-multilingual.class.php:65

actionwpsc_submit_checkoutwp-e-commerce-multilingual.class.php:68

filterterms_clauseswp-e-commerce-multilingual.class.php:92

filterterms_clauseswp-e-commerce-multilingual.class.php:125

Maintenance & Trust

WP e-Commerce Multilingual Maintenance & Trust

Maintenance Signals

WordPress version tested3.3.2

Last updatedDec 31, 2011

PHP min version

Downloads7K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

WP e-Commerce Multilingual Alternatives

WPML Multilingual & Multicurrency for WooCommerce

woocommerce-multilingual

Make your store multilingual and enable multiple currencies.

100K 5 CVEs

WooCommerce

woocommerce

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 43 CVEs

Loco Translate

loco-translate

Translate WordPress plugins and themes directly in your browser. Versatile PO file editor with integrated AI translation providers.

1.0M 5 CVEs

Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation

optinmonster

🤩 Make popups & optin forms to get more email newsletter subscribers, leads, and sales - #1 most popular popup builder plugin! 🚀

1.0M 6 CVEs

Translate WordPress with GTranslate

gtranslate

Translate WordPress with Google Translate multilanguage plugin to make your website multilingual. Complete multilingual SEO solution for WordPress.

900K 5 CVEs

Developer Profile

WP e-Commerce Multilingual Developer Profile

Amir Helzer

9 plugins · 108K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

53 days

View full developer profile

Detection Fingerprints

How We Detect WP e-Commerce Multilingual

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-e-commerce-multilingual/js/admin-wpec-ml.js/wp-content/plugins/wp-e-commerce-multilingual/css/admin-wpec-ml.css

Script Paths

/wp-content/plugins/wp-e-commerce-multilingual/js/admin-wpec-ml.js

Version Parameters

wp-e-commerce-multilingual/js/admin-wpec-ml.js?ver=wp-e-commerce-multilingual/css/admin-wpec-ml.css?ver=

HTML / DOM Fingerprints

FAQ