xili-dictionary Security & Risk Analysis

wordpress.org/plugins/xili-dictionary

xili-dictionary is a multilingual dictionary storable in CPT and terms to create and translate .po files or .mo files and more (import, export...)

100 active installs · v2.12.5.2 · PHP + WP 3.6.1+ · Updated Jun 1, 2025
Tags: admin, dictionary, multilingual, po, mo, taxonomy
Score: 77 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Jun 23, 2025
Safety Verdict

Is xili-dictionary Safe to Use in 2026?

Mostly Safe

Score 77/100

xili-dictionary is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Jun 23, 2025 · Updated 10mo ago
Risk Assessment

The xili-dictionary plugin v2.12.5.2 exhibits a mixed security posture. It shows strengths in SQL query sanitization and a robust use of nonces and capability checks, but its static analysis results and vulnerability history raise significant concerns. The presence of dangerous functions such as 'unserialize' and 'exec', coupled with a high number of flows with unsanitized paths (including two high-severity taint flows), indicates potential for serious vulnerabilities. The high percentage of improperly escaped output further exacerbates these risks and suggests a strong likelihood of cross-site scripting (XSS) vulnerabilities. The plugin's vulnerability history reinforces these concerns: two known CVEs, both classified as medium severity and both XSS, with one currently unpatched. This points to a recurring issue with input sanitization and output encoding that has not been fully resolved. Despite a low entry point count and the absence of unauthenticated AJAX handlers, the underlying code quality, particularly regarding unsanitized paths and output handling, together with an unpatched vulnerability, presents a notable risk.

Key Concerns

  • Unpatched CVE
  • High severity taint flows
  • Low percentage of properly escaped output
  • Dangerous functions found (unserialize, exec)
  • Unsanitized paths in taint flows
Vulnerabilities: 2

xili-dictionary Security Vulnerabilities

CVEs by Year

2025: 2 CVEs (has unpatched)

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-52778 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

xili-dictionary <= 2.12.5.2 - Reflected Cross-Site Scripting

Jun 23, 2025 · Unpatched

CVE-2025-30840 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

xili-dictionary <= 2.12.5 - Reflected Cross-Site Scripting

Mar 27, 2025 · Patched in 2.12.5.1 (8d)
Code Analysis
Analyzed Mar 16, 2026

xili-dictionary Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (15 prepared)
Unescaped Output: 213 (45 escaped)
Nonce Checks: 22
Capability Checks: 12
File Operations: 9
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

Function | Code | Location
unserialize | $desc_array = unserialize( $language->description ); | xili-dictionary.php:486
unserialize | $desc_array = unserialize( $language->description ); | xili-dictionary.php:509
exec | @exec( "gzip $diskfile" ); | xili-dictionary.php:8202
unserialize | $strings = unserialize($post->post_content); | xili-dictionary.php:9477

Bundled Libraries

DataTables

SQL Query Safety

100% prepared · 15 total queries

Output Escaping

17% escaped · 258 total outputs
Data Flows: 10 unsanitized

Data Flow Analysis

11 flows · 10 with unsanitized paths
msg_untranslated_list_box (xili-dictionary.php:1407)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

xili-dictionary Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 4

Access | Hook | Location
auth | wp_ajax_xd_erasing_process | xili-dictionary.php:254
auth | wp_ajax_xd_importing_process | xili-dictionary.php:255
auth | wp_ajax_xd_live_state_file | xili-dictionary.php:256
auth | wp_ajax_xd_from_file_exists | xili-dictionary.php:257
WordPress Hooks: 59

Type | Hook | Location
action | admin_menu | xili-dictionary.php:237
action | admin_menu | xili-dictionary.php:238
action | admin_init | xili-dictionary.php:242
action | admin_init | xili-dictionary.php:243
action | admin_init | xili-dictionary.php:244
action | admin_init | xili-dictionary.php:245
action | admin_init | xili-dictionary.php:246
action | admin_init | xili-dictionary.php:247
action | admin_head | xili-dictionary.php:250
action | admin_head | xili-dictionary.php:251
action | add_meta_boxes | xili-dictionary.php:259
action | init | xili-dictionary.php:261
action | init | xili-dictionary.php:262
action | init | xili-dictionary.php:263
filter | plugin_locale | xili-dictionary.php:265
filter | manage_posts_columns | xili-dictionary.php:268
filter | manage_pages_custom_column | xili-dictionary.php:269
filter | request | xili-dictionary.php:271
action | restrict_manage_posts | xili-dictionary.php:274
action | category_add_form | xili-dictionary.php:278
filter | manage_category_custom_column | xili-dictionary.php:279
action | after-category-table | xili-dictionary.php:280
action | parse_query | xili-dictionary.php:281
filter | query_vars | xili-dictionary.php:282
action | restrict_manage_posts | xili-dictionary.php:285
action | restrict_manage_posts | xili-dictionary.php:286
action | pre_get_posts | xili-dictionary.php:287
action | category_edit_form_fields | xili-dictionary.php:290
action | wp_print_scripts | xili-dictionary.php:292
filter | user_can_richedit | xili-dictionary.php:294
filter | page_row_actions | xili-dictionary.php:297
action | save_post | xili-dictionary.php:299
action | save_post | xili-dictionary.php:300
action | save_post | xili-dictionary.php:301
filter | post_updated_messages | xili-dictionary.php:302
action | before_delete_post | xili-dictionary.php:304
action | admin_print_styles-post.php | xili-dictionary.php:306
action | admin_print_styles-post-new.php | xili-dictionary.php:307
action | admin_print_styles-post.php | xili-dictionary.php:309
action | admin_print_scripts-post.php | xili-dictionary.php:310
action | admin_print_styles-edit.php | xili-dictionary.php:312
action | admin_print_styles-edit-tags.php | xili-dictionary.php:313
action | admin_print_styles-xdmsg_page_dictionary_page | xili-dictionary.php:315
action | admin_print_styles-xdmsg_page_erase_dictionary_page | xili-dictionary.php:316
action | admin_print_styles-xdmsg_page_import_dictionary_page | xili-dictionary.php:317
filter | plugin_action_links | xili-dictionary.php:323
action | switch_theme | xili-dictionary.php:326
filter | gettext | xili-dictionary.php:330
action | wp | xili-dictionary.php:333
action | shutdown | xili-dictionary.php:335
action | export_filters | xili-dictionary.php:337
action | contextual_help | xili-dictionary.php:339
filter | other_multilingual_plugin_filter_terms | xili-dictionary.php:489
filter | other_multilingual_plugin_filter_term | xili-dictionary.php:490
action | edit_form_top | xili-dictionary.php:641
action | admin_print_footer_scripts | xili-dictionary.php:3226
filter | xd-pot-scanning-project | xili-dictionary.php:8869
filter | upload_dir | xili-dictionary.php:9925
action | plugins_loaded | xili-dictionary.php:9947
Maintenance & Trust

xili-dictionary Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jun 1, 2025
PHP min version: (none given)
Downloads: 43K

Community Trust

Rating: 66/100
Number of ratings: 3
Active installs: 100
Developer Profile

xili-dictionary Developer Profile

Michel - xiligroup dev

4 plugins · 2K total installs

Trust score: 66
Avg Security Score: 69/100
Avg Patch Time: 83 days
Detection Fingerprints

How We Detect xili-dictionary

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xili-dictionary/css/xdmsg-backend.css
/wp-content/plugins/xili-dictionary/css/xdmsg-frontend.css
/wp-content/plugins/xili-dictionary/css/xdmsg-style.css
/wp-content/plugins/xili-dictionary/js/xdmsg-backend.js
/wp-content/plugins/xili-dictionary/js/xdmsg-functions.js
/wp-content/plugins/xili-dictionary/js/xdmsg-importer.js
/wp-content/plugins/xili-dictionary/js/xdmsg-shortcode.js

Script Paths
/wp-content/plugins/xili-dictionary/js/xdmsg-backend.js
/wp-content/plugins/xili-dictionary/js/xdmsg-functions.js
/wp-content/plugins/xili-dictionary/js/xdmsg-importer.js
/wp-content/plugins/xili-dictionary/js/xdmsg-shortcode.js

Version Parameters
/wp-content/plugins/xili-dictionary/css/xdmsg-backend.css?ver=
/wp-content/plugins/xili-dictionary/css/xdmsg-frontend.css?ver=
/wp-content/plugins/xili-dictionary/css/xdmsg-style.css?ver=
/wp-content/plugins/xili-dictionary/js/xdmsg-backend.js?ver=
/wp-content/plugins/xili-dictionary/js/xdmsg-functions.js?ver=
/wp-content/plugins/xili-dictionary/js/xdmsg-importer.js?ver=
/wp-content/plugins/xili-dictionary/js/xdmsg-shortcode.js?ver=

HTML / DOM Fingerprints

CSS Classes
xdmsg-admin-list-table, xdmsg-backend-form, xdmsg-btn-add, xdmsg-field-label, xdmsg-field-wrapper, xdmsg-importer-box, xdmsg-lang-selector, xdmsg-meta-box (+5 more)

HTML Comments
<!-- init-import-js -->, <!-- end-import-js -->, <!-- init-shortcode-js -->, <!-- end-shortcode-js --> (+3 more)

Data Attributes
data-xdmsg-action, data-xdmsg-id, data-xdmsg-nonce, data-xdmsg-parent-id, data-xdmsg-type

JS Globals
xili_dictionary_params

Shortcode Output
[xili_dictionary_importer], [xili_dictionary_list], [xili_dictionary_translator]
FAQ

Frequently Asked Questions about xili-dictionary