AutoMLP – AI Translation for WPML Security & Risk Analysis
wordpress.org/plugins/wpml-translation-checkSave on WPML translation credits by using OpenAI or Gemini API to auto translate posts, pages or strings in bulk using AutoMLP AI Translator for WPML.
Is AutoMLP – AI Translation for WPML Safe to Use in 2026?
Generally Safe
Score 100/100AutoMLP – AI Translation for WPML has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wpml-translation-check plugin, in version 1.1.2, presents a mixed security posture. On the positive side, the plugin does not contain any known CVEs, avoids dangerous functions, and all SQL queries utilize prepared statements, indicating some good security practices in data handling. There are no file operations or external HTTP requests that are immediately flagged as suspicious within the static analysis. The absence of bundled libraries also removes a potential avenue for vulnerabilities.
However, significant concerns arise from the attack surface and code signals. The plugin has a single entry point via an AJAX handler which lacks any authentication checks. Furthermore, a substantial portion of its output (0% properly escaped) is not being escaped, posing a risk of cross-site scripting (XSS) vulnerabilities. The lack of nonce checks and capability checks on the AJAX handler exacerbates the risk associated with this unprotected entry point. The absence of taint analysis results is neutral, as it simply means no flows were identified in the analyzed code, not that none exist.
In conclusion, while the plugin demonstrates strengths in database query security and a clean vulnerability history, the unprotected AJAX handler and pervasive unescaped output represent critical security weaknesses. The attack surface is small but contains a critical vulnerability. Addressing these specific issues should be a priority for improving the plugin's security.
Key Concerns
- AJAX handler without auth checks
- Unescaped output
- Missing nonce checks
- Missing capability checks
AutoMLP – AI Translation for WPML Security Vulnerabilities
AutoMLP – AI Translation for WPML Release Timeline
AutoMLP – AI Translation for WPML Code Analysis
Output Escaping
AutoMLP – AI Translation for WPML Attack Surface
AJAX Handlers 1
WordPress Hooks 4
Maintenance & Trust
AutoMLP – AI Translation for WPML Maintenance & Trust
Maintenance Signals
Community Trust
AutoMLP – AI Translation for WPML Alternatives
TransLeti Connector
transleti-connector
Translate your entire WordPress site automatically using LibreTranslate. Works with TranslatePress and WPML. Unlimited translations, no per-word fees.
Translate Multilingual sites – TranslatePress
translatepress-multilingual
Translate your entire site directly from the front-end and go multilingual. Full support for WooCommerce, page builders + Google Translate integration
Translate WordPress with Weglot – Multilingual AI Translation
weglot
Translate WordPress sites with automatic AI translation into 110+ languages. Multilingual SEO, WooCommerce compatible, 110k+ sites.
AI Translation For TranslatePress
automatic-translate-addon-for-translatepress
Auto-translate unlimited strings and characters using AI & Machine Translation tools without any external API Key!
Polylang Duplicate Content Addon
duplicate-content-addon-for-polylang
Duplicate your original post/page content into other languages in one click with the Polylang Duplicate Content addon.
AutoMLP – AI Translation for WPML Developer Profile
21 plugins · 113K total installs
How We Detect AutoMLP – AI Translation for WPML
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wpml-translation-check/css/admin.cssHTML / DOM Fingerprints
id="dtc_api_key_input"name="dtc_options[api_key]"id="dtc_detect_default_lang_0"name="dtc_options[detect_default_lang]"id="dtc_detect_default_lang_1"id="dtc_post_types_post"+2 more/wp-json/dtc/v1/detect