
Translation with DeepL API Security & Risk Analysis
wordpress.org/plugins/wpdeeplGet DeepL translation magic into your WordPress Admin. Not affiliated with or endorsed by DeepL SE. DeepL® is a registered trademark of DeepL SE.
Is Translation with DeepL API Safe to Use in 2026?
Generally Safe
Score 99/100Translation with DeepL API has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The wpdeepl plugin exhibits a mixed security posture. On the positive side, static analysis reveals a very small attack surface with no identified unprotected entry points. The code also demonstrates strong adherence to secure coding practices regarding SQL queries, with all queries using prepared statements. Furthermore, output escaping is highly effective, with 98% of outputs properly escaped, and a significant number of capability checks are in place. However, a critical concern arises from the presence of the `unserialize` function, which is inherently risky if used with untrusted input. While the taint analysis did not reveal any unsanitized paths for this specific version, the potential for misuse remains significant.
The vulnerability history is particularly noteworthy. The plugin has a history of 3 medium-severity CVEs, specifically related to Cross-Site Request Forgery (CSRF) and Exposure of Sensitive Information. The fact that these vulnerabilities have been patched indicates the developers are responsive to security issues, but the repeated occurrence of certain vulnerability types suggests potential recurring weaknesses in input validation or handling that could be exploited. The most recent vulnerability was in October 2023.
In conclusion, wpdeepl has strengths in its limited attack surface and diligent use of prepared statements and output escaping. However, the `unserialize` function represents a latent risk, and the past prevalence of CSRF and information exposure vulnerabilities warrants careful monitoring and potentially deeper code review to ensure these issues are permanently addressed. The current version appears free of known unpatched vulnerabilities, which is a positive sign.
Key Concerns
- Presence of unserialize function
- History of 3 medium CVEs
Translation with DeepL API Security Vulnerabilities
CVEs by Year
Severity Breakdown
3 total CVEs
DeepL Pro API translation <= 2.4.1.1 - Cross-Site Request Forgery via wpdeepl_prune_logs
DeepL Pro API translation <= 2.1.4 - Cross-Site Request Forgery via saveSettings
DeepL Pro API Translation <= 1.7.4 - Sensitive Information Disclosure
Translation with DeepL API Release Timeline
Translation with DeepL API Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Translation with DeepL API Attack Surface
WordPress Hooks 14
Maintenance & Trust
Translation with DeepL API Maintenance & Trust
Maintenance Signals
Community Trust
Translation with DeepL API Alternatives
Auto Translator for Polylang
auto-translator-polylang
Auto Translator for Polylang translates posts, categories, tags, and pages with one click.
Translation Detector
translation-detector
Translation detector display a simple button to navigate to a post translation created with polylang.
Translate English Words by Vocabla
english-words-translator-by-vocabla
It lets your international visitors translate English words using double click.
Annotation By Country
annotation-by-country
This plugin will select annotations depending on the access source of the country. With this plugin, annotations can be written in a post directly by …
Yoast Duplicate Post
duplicate-post
The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.
Translation with DeepL API Developer Profile
2 plugins · 4K total installs
How We Detect Translation with DeepL API
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wpdeepl/assets/wpdeepl-admin.css/wp-content/plugins/wpdeepl/assets/wpdeepl-metabox.js/wp-content/plugins/wpdeepl/assets/wpdeepl-metabox.jswpdeepl/assets/wpdeepl-admin.css?ver=wpdeepl/assets/wpdeepl-metabox.js?ver=HTML / DOM Fingerprints
<!-- Error loading WPDeepL -->name="wpdeepl_metabox_behaviour"DeepLStringsWPDEEPL_VERSIONWPDEEPL_URLWPDEEPL_PATHWPDEEPL_FLAVORWPDEEPL_DEBUG+3 more