Does Zanto WP Translation (For Multisites) have any unpatched vulnerabilities?

No. All known vulnerabilities in Zanto WP Translation (For Multisites) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Zanto WP Translation (For Multisites) compatible with WordPress 4.1.42?

According to WordPress.org data, Zanto WP Translation (For Multisites) 0.3.4 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is Zanto WP Translation (For Multisites) updated?

Zanto WP Translation (For Multisites) was last updated on Mar 30, 2015. Frequent updates are generally a positive security signal.

What is Zanto WP Translation (For Multisites)'s security score?

Zanto WP Translation (For Multisites) has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Zanto WP Translation (For Multisites) Security & Risk Analysis

wordpress.org/plugins/zanto

Zanto WP Translation helps you run a multilingual site by providing linkage between content in blogs of different languages in a WordPress multisite.

10 active installs v0.3.4 PHP + WP 3.0+ Updated Mar 30, 2015

language-switcherlocalizationmultilingualmultisitetranslation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Zanto WP Translation (For Multisites) Safe to Use in 2026?

Generally Safe

Score 85/100

Zanto WP Translation (For Multisites) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "zanto" v0.3.4 plugin exhibits significant security concerns due to its unprotected entry points and a concerning lack of output sanitization. While the plugin demonstrates some good practices, such as a high percentage of prepared SQL statements and a substantial number of nonce and capability checks, these are overshadowed by critical vulnerabilities identified in the static and taint analysis. The presence of unprotected AJAX handlers presents a direct attack vector, especially when combined with a high number of unsanitized paths detected in the taint analysis. The low percentage of properly escaped output is particularly alarming, suggesting a high risk of cross-site scripting (XSS) vulnerabilities that could be exploited by attackers. The absence of known CVEs is a positive sign, but it does not negate the internal code quality issues that pose a substantial risk to users. The plugin's overall security posture is therefore weak, with critical vulnerabilities in code execution paths and output handling that require immediate attention.

Key Concerns

2 unprotected AJAX handlers
11 flows with unsanitized paths
6 critical severity taint flows
Only 20% of output properly escaped
1 dangerous function (unserialize)

Vulnerabilities

None known

Zanto WP Translation (For Multisites) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Zanto WP Translation (For Multisites) Code Analysis

Dangerous Functions

Raw SQL Queries

76 prepared

Unescaped Output

245

61 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$langs_names = unserialize($__zwt_lang_names);includes\language-data.php:3

SQL Query Safety

79% prepared96 total queries

Output Escaping

20% escaped306 total outputs

Data Flows

11 unsanitized

Data Flow Analysis

15 flows11 with unsanitized paths

edit_table (classes\class.zwt-edit-languages.php:71)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Zanto WP Translation (For Multisites) Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_zwt_all_ajaxclasses\class.zwt-base.php:51

noprivwp_ajax_zwt_all_ajaxclasses\class.zwt-base.php:52

WordPress Hooks 80

actionwp_enqueue_scriptsclasses\class.zwt-base.php:234

actionadmin_enqueue_scriptsclasses\class.zwt-base.php:235

actioninitclasses\class.zwt-base.php:237

actioninitclasses\class.zwt-base.php:238

actionwp_headclasses\class.zwt-base.php:240

actionwp_print_scriptsclasses\class.zwt-browser-lang-redirect.php:7

actioninitclasses\class.zwt-browser-lang-redirect.php:49

actioninitclasses\class.zwt-cron.php:91

filtercron_schedulesclasses\class.zwt-cron.php:93

filterupload_dirclasses\class.zwt-download-mo.php:150

actionadmin_footerclasses\class.zwt-edit-languages.php:32

actionadmin_menuclasses\class.zwt-interfaces.php:41

actioninitclasses\class.zwt-interfaces.php:42

actionzwt_debug_infoclasses\class.zwt-interfaces.php:44

filterplugin_row_metaclasses\class.zwt-interfaces.php:45

actionplugins_loadedclasses\class.zwt-lang-switcher.php:41

actionadmin_initclasses\class.zwt-lang-switcher.php:43

actionadmin_bar_menuclasses\class.zwt-lang-switcher.php:44

actionzwt_language_switcherclasses\class.zwt-lang-switcher.php:45

actionwp_footerclasses\class.zwt-lang-switcher.php:49

filterthe_contentclasses\class.zwt-lang-switcher.php:52

actionwp_headclasses\class.zwt-lang-switcher.php:56

actionwp_headclasses\class.zwt-lang-switcher.php:57

filterlocaleclasses\class.zwt-lang-switcher.php:68

actionplugins_loadedclasses\class.zwt-mo.php:79

actionadmin_footerclasses\class.zwt-mo.php:80

filterupload_mimesclasses\class.zwt-settings.php:60

actioninitclasses\class.zwt-settings.php:61

actioninitclasses\class.zwt-settings.php:63

filterpre_update_option_WPLANGclasses\class.zwt-translation-network.php:867

filtermu_dropdown_languagesclasses\class.zwt-translation-network.php:868

actionupdated_optionclasses\class.zwt-translation-network.php:869

actionadmin_initclasses\class.zwt-translation-network.php:870

filteroption_WPLANGclasses\class.zwt-translation-network.php:871

filterhome_urlclasses\class.zwt-translation-network.php:874

filterpost_linkclasses\class.zwt-translation-network.php:875

filterpage_linkclasses\class.zwt-translation-network.php:876

filterpost_type_linkclasses\class.zwt-translation-network.php:877

filteroption_rewrite_rulesclasses\class.zwt-translation-network.php:879

filterterm_linkclasses\class.zwt-translation-network.php:881

filterfeed_linkclasses\class.zwt-translation-network.php:882

filtertrackback_urlclasses\class.zwt-translation-network.php:883

filterauthor_linkclasses\class.zwt-translation-network.php:884

filterpost_type_archive_linkclasses\class.zwt-translation-network.php:885

filteryear_linkclasses\class.zwt-translation-network.php:886

filtermonth_linkclasses\class.zwt-translation-network.php:887

filterday_linkclasses\class.zwt-translation-network.php:888

filterattachment_linkclasses\class.zwt-translation-network.php:890

filtercategory_linkclasses\class.zwt-translation-network.php:894

filtertag_linkclasses\class.zwt-translation-network.php:895

actionpermalink_structure_changedclasses\class.zwt-translation-network.php:897

actioninitclasses\class.zwt-translation-network.php:900

actioninitclasses\class.zwt-translation-network.php:901

actiondelete_blogclasses\class.zwt-translation-network.php:902

actionwidgets_initclasses\class.zwt-widgets.php:73

actionwp_trash_postclasses\class.zwt-wp-post.php:21

actionbefore_delete_postclasses\class.zwt-wp-post.php:22

actionsave_postclasses\class.zwt-wp-post.php:23

actionadd_meta_boxesclasses\class.zwt-wp-post.php:24

actioncurrent_screenclasses\class.zwt-wp-post.php:25

actionmedia_buttonsclasses\class.zwt-wp-post.php:26

actioncurrent_screenclasses\class.zwt-wp-tax.php:23

actionedit_termclasses\class.zwt-wp-tax.php:24

actioncreate_termclasses\class.zwt-wp-tax.php:25

actiondelete_termclasses\class.zwt-wp-tax.php:26

actionadmin_noticesclasses\class.zwt-wp-tax.php:46

actionadmin_noticesincludes\notices\admin-notice-helper.php:26

actionshutdownincludes\notices\admin-notice-helper.php:27

actionshutdownincludes\notices\email-notifications.php:25

actioninitincludes\notices\id-admin-notices.php:28

actionadmin_noticesincludes\notices\id-admin-notices.php:29

actionshutdownincludes\notices\id-admin-notices.php:30

actionzwt_footer_lang_switcherviews\lang-switcher\lang_switcher.php:115

actionzwt_lang_switcherviews\lang-switcher\lang_switcher.php:116

actionzwt_lang_switcherviews\lang-switcher\lang_switcher.zwt.php:98

actionwp_enqueue_scriptsviews\lang-switcher\lang_switcher.zwt.php:99

actionzwt_lang_switcherviews\lang-switcher\ls_2015_v1.zwt.php:93

actionzwt_lang_switcherviews\lang-switcher\ls_2015_v1.zwt.php:94

filterwp_loadedzanto.php:32

actionadmin_noticeszanto.php:79

Maintenance & Trust

Zanto WP Translation (For Multisites) Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedMar 30, 2015

PHP min version

Downloads20K

Community Trust

Rating100/100

Number of ratings12

Active installs10

Alternatives

Zanto WP Translation (For Multisites) Alternatives

BuddyPress Extended Profile Translation

buddypress-extended-profile-translation

Multilingual Extended Profiles in multisite BuddyPress

10 No CVEs

LingoJS – Website Translation Integration

lingojs-website-translation-integration

100

Easily integrate LingoJS into your WordPress site for fast and automatic multilingual translation.

0 No CVEs

WPMMCC

wpmmcc

100

Multilingual solution for WordPress with automatic translation and site group management.

0 No CVEs

Polylang

polylang

Go multilingual in a simple and efficient way. Keep writing posts and taxonomy terms as usual while defining their languages all at once.

800K 3 CVEs

WP Multilang – Translation and Multilingual Plugin

wp-multilang

Multilingual plugin for WordPress. Go Multilingual in minutes with full WordPress support. Translate your site easily with this localization plugin.

10K 1 CVE

Developer Profile

Zanto WP Translation (For Multisites) Developer Profile

Ayebare Mucunguzi Brooks

8 plugins · 340 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Zanto WP Translation (For Multisites)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zanto/javascript/zanto-main.js/wp-content/plugins/zanto/javascript/zanto-installation.js/wp-content/plugins/zanto/javascript/mo-management.js/wp-content/plugins/zanto/javascript/jquery.cookie.js/wp-content/plugins/zanto/javascript/browser-lang-redirect.js/wp-content/plugins/zanto/css/admin.css/wp-content/plugins/zanto/css/icon-font/css/font-awesome.min.css

Script Paths

javascript/zanto-main.jsjavascript/zanto-installation.jsjavascript/mo-management.jsjavascript/jquery.cookie.jsjavascript/browser-lang-redirect.js

Version Parameters

zanto-translation-main?ver=0.3.4zanto-installation?ver=0.3.4mo-management?ver=0.3.4jquery_cookie?ver=0.3.4browser_lang_redirect?ver=0.3.4admin?ver=0.3.4icon_font/css/font-awesome.min.css?ver=0.3.4

HTML / DOM Fingerprints

CSS Classes

zwt_admin

Data Attributes

data-id

JS Globals

zwt_main_i8nZanto_WT

FAQ