Prisna YT – Яндекс Переводчик Security & Risk Analysis

wordpress.org/plugins/wp-yandex-translate

Add a Yandex Translate widget to your site.

80 active installs · v1.0.9 · PHP 5.6+ · WP 3.3+ · Updated Dec 8, 2025
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Prisna YT – Яндекс Переводчик Safe to Use in 2026?

Generally Safe

Score 100/100

Prisna YT – Яндекс Переводчик has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "wp-yandex-translate" v1.0.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all its SQL queries and includes nonce and capability checks, indicating an awareness of common WordPress security vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggest a generally stable codebase.

However, several concerning code signals warrant attention. The presence of dangerous functions like `unserialize`, `preg_replace(/e)`, and `create_function` is a significant red flag, as these can be exploited for arbitrary code execution if not handled with extreme caution and proper sanitization. While the taint analysis shows no critical or high severity flows, the fact that 3 out of 4 analyzed flows have unsanitized paths suggests potential for vulnerabilities if user-supplied data reaches these dangerous functions without adequate input validation. Furthermore, only 29% of output escaping is properly handled, which could lead to cross-site scripting (XSS) vulnerabilities if untrusted data is displayed to users without proper sanitization.

In conclusion, while the plugin has a clean track record and employs some fundamental security measures, the identified dangerous functions and unsanitized taint flows, coupled with insufficient output escaping, present notable risks. A thorough audit and remediation of these specific code areas are recommended to strengthen its security posture.

Key Concerns

  • Presence of dangerous functions: unserialize, preg_replace(/e), create_function
  • Unsanitized paths in taint flows
  • Low percentage of properly escaped output
Vulnerabilities
None known

Prisna YT – Яндекс Переводчик Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Prisna YT – Яндекс Переводчик Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (3 prepared)
  • Unescaped Output: 10 (4 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$unserialize = @unserialize($to_unserialize, array('allowed_classes' => false));` (classes\admin.class.php:286)
  • preg_replace(/e): `preg_replace('/^(\-)?([0-9]+)(\.[0-9]+)?([eE]\+[0-9]+)?/e'` (classes\common.class.php:1185)
  • create_function: `$i = create_function('&$e, $p, $l', 'return intval(substr($e, $p, $l));');` (classes\common.class.php:1009)

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

29% escaped · 14 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
renderCSS (classes\common.class.php:35)
Attack Surface

Prisna YT – Яндекс Переводчик Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7

  • action: admin_init (classes\admin.class.php:10)
  • action: admin_head (classes\admin.class.php:11)
  • action: plugins_loaded (classes\admin.class.php:12)
  • action: admin_menu (classes\admin.class.php:83)
  • action: widgets_init (classes\common.class.php:875)
  • action: wp_enqueue_scripts (classes\main.class.php:8)
  • action: wp_footer (classes\main.class.php:9)
Maintenance & Trust

Prisna YT – Яндекс Переводчик Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 8, 2025
  • PHP min version: 5.6
  • Downloads: 8K

Community Trust

  • Rating: 70/100
  • Number of ratings: 4
  • Active installs: 80
Alternatives

Prisna YT – Яндекс Переводчик Alternatives

No alternatives data available yet.

Developer Profile

Prisna YT – Яндекс Переводчик Developer Profile

Prisna

4 plugins · 8K total installs

  • Trust score: 87
  • Avg Security Score: 99/100
  • Avg Patch Time: 47 days
Detection Fingerprints

How We Detect Prisna YT – Яндекс Переводчик

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-yandex-translate/javascript/common.class.js
  • /wp-content/plugins/wp-yandex-translate/styles/admin.css

Script Paths

  • /wp-content/plugins/wp-yandex-translate/javascript/common.class.js
  • /wp-content/plugins/wp-yandex-translate/javascript/admin.class.js

Version Parameters

  • prisna-ywt-admin-common?ver=
  • prisna-ywt-admin?ver=

HTML / DOM Fingerprints

CSS Classes

  • prisna-ywt-admin

Data Attributes

  • data-prisna-tab
  • data-prisna-tab-2

JS Globals

  • prisna_tab
  • prisna_tab_2