Child Height Predictor by Ostheimer Security & Risk Analysis

wordpress.org/plugins/child-height-predictor

How tall will your kid grow? Predict the height of your child!

10 active installs v1.3 PHP + WP 3.3.2+ Updated May 19, 2019
babycalculatorchildgrowthheight
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 19, 2026
Safety Verdict

Is Child Height Predictor by Ostheimer Safe to Use in 2026?

Use With Caution

Score 63/100

Child Height Predictor by Ostheimer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 19, 2026Updated 7yr ago
Risk Assessment

The child-height-predictor plugin v1.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by having no known vulnerabilities, no dangerous functions, and all SQL queries utilizing prepared statements. Additionally, there are no file operations or external HTTP requests, which reduces the potential attack surface. The limited attack surface of only one shortcode and no AJAX handlers or REST API routes is also a strong point.

However, a significant concern arises from the complete lack of output escaping. With 53 outputs and 0% properly escaped, this presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed by the plugin is vulnerable to injection. Furthermore, the absence of nonce checks and capability checks on the single shortcode means that it's potentially callable without proper authorization, although without any other exposed entry points like AJAX or REST API, the immediate impact is limited.

The plugin's vulnerability history is clean, with zero known CVEs. This, combined with the limited attack surface and responsible use of prepared statements, suggests a plugin that has historically been developed with some security awareness. However, the lack of output escaping is a critical oversight that needs immediate attention. The overall security posture can be described as having a small attack surface and clean history but a critical flaw in output handling.

Key Concerns

  • 0% output escaping
  • 0 nonce checks
  • 0 capability checks
Vulnerabilities
1 published

Child Height Predictor by Ostheimer Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-6400medium · 4.3Cross-Site Request Forgery (CSRF)

Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

May 19, 2026Unpatched
Version History

Child Height Predictor by Ostheimer Release Timeline

v1.3Current1 CVE
v1.2.11 CVE
v1.21 CVE
v1.11 CVE
v1.0.1.51 CVE
v1.0.1.41 CVE
v1.0.1.31 CVE
v1.0.1.21 CVE
v1.0.1.11 CVE
Code Analysis
Analyzed Apr 16, 2026

Child Height Predictor by Ostheimer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
53
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped53 total outputs
Attack Surface

Child Height Predictor by Ostheimer Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[childheight] childheight.php:26
WordPress Hooks 2
actionadmin_menuchildheight.php:28
actionwidgets_initchildheight.php:159
Maintenance & Trust

Child Height Predictor by Ostheimer Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22
Last updatedMay 19, 2019
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Child Height Predictor by Ostheimer Developer Profile

Andreas Ostheimer

4 plugins · 50 total installs

80
trust score
Avg Security Score
80/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Child Height Predictor by Ostheimer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/child-height-predictor/childheight-style.css

HTML / DOM Fingerprints

CSS Classes
childheight-calculator
Data Attributes
data-unitsdata-widthdata-height
Shortcode Output
<div class="childheight-calculator"
FAQ

Frequently Asked Questions about Child Height Predictor by Ostheimer