Covid-19 Nepal Security & Risk Analysis

wordpress.org/plugins/covid-19-nepal

The plugin is simple plugin that is targeted to the websites in Nepali languages to display the statistics of COVID-19 cases in Nepal and the world.

10 active installs v1.0.0 PHP + WP 4.0+ Updated Apr 21, 2020
coronacovidcovid-19nepalnepali
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Covid-19 Nepal Safe to Use in 2026?

Generally Safe

Score 85/100

Covid-19 Nepal has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

Based on the provided static analysis and vulnerability history, the "covid-19-nepal" v1.0.0 plugin exhibits a very strong security posture. The code analysis reveals no dangerous functions, file operations, or external HTTP requests, and all SQL queries are properly prepared, and outputs are escaped. Crucially, there are no identified taint flows indicating potential injection vulnerabilities. The lack of any recorded CVEs or historical vulnerabilities further reinforces its current security standing, suggesting a well-developed and securely coded plugin.

While the plugin boasts an impressive lack of identified risks in static analysis, it's important to note the limited number of entry points analyzed and the absence of detailed taint analysis. The plugin has only one identified entry point (a shortcode) and no AJAX handlers or REST API routes, which significantly reduces the potential attack surface. However, the complete absence of nonce and capability checks across all identified entry points, as well as the limited scope of the taint analysis (0 flows analyzed), represents a notable concern. While there are no *known* vulnerabilities, this lack of authorization checks could leave it susceptible to certain types of attacks if malicious input were to be processed in the future, especially if the shortcode's functionality were to evolve or if it were to interact with user-supplied data in an unverified manner.

In conclusion, the "covid-19-nepal" v1.0.0 plugin appears to be highly secure in its current state due to rigorous coding practices for SQL and output handling, and a clean vulnerability history. However, the complete absence of nonce and capability checks on its sole entry point is a significant weakness that, while not currently exploited, presents a potential risk. Future development should prioritize implementing proper authorization checks to mitigate this.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Covid-19 Nepal Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Covid-19 Nepal Release Timeline

v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

Covid-19 Nepal Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Covid-19 Nepal Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[covid19_nepal] class.covid19.front.php:29
WordPress Hooks 5
actionadmin_menuclass.covid19.admin.php:27
actionadmin_enqueue_scriptsclass.covid19.admin.php:28
actionwp_enqueue_scriptsclass.covid19.front.php:28
actionplugins_loadedcovid19-nepal.php:46
actionplugins_loadedcovid19-nepal.php:52
Maintenance & Trust

Covid-19 Nepal Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedApr 21, 2020
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Covid-19 Nepal Developer Profile

Padam Shankhadev

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Covid-19 Nepal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/covid-19-nepal/images/covid-19.png/wp-content/plugins/covid-19-nepal/css/admin-covid19-nepal.css/wp-content/plugins/covid-19-nepal/css/covid19-nepal.css/wp-content/plugins/covid-19-nepal/js/covid19-nepal.js
Script Paths
/wp-content/plugins/covid-19-nepal/js/covid19-nepal.js
Version Parameters
covid-19-nepal/style.css?ver=covid-19-nepal/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
covid19-banner
Shortcode Output
<div class="wrap"> <div class="covid19-banner"></div> </div>
FAQ

Frequently Asked Questions about Covid-19 Nepal