
Daily Zman Widget Security & Risk Analysis
wordpress.org/plugins/daily-zman-widget
Displays Hebrew date, sunrise, sunset, and key times for prayers (latest Shema, earliest Plag, etc).
Is Daily Zman Widget Safe to Use in 2026?
Generally Safe
Score 92/100
Daily Zman Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The daily-zman-widget plugin, version 1.1, presents a mixed security profile. On the positive side, the plugin exhibits excellent practices regarding SQL queries, exclusively using prepared statements, and it has no recorded vulnerability history, including CVEs. The static analysis also reports zero taint flows and a minimal attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events, all of which are reportedly unprotected. However, significant concerns arise from the complete absence of output escaping (0% properly escaped) and the lack of nonce checks and capability checks. The presence of file operations and external HTTP requests, while not inherently malicious, becomes much riskier when combined with insufficient input validation and output sanitization, creating potential avenues for cross-site scripting (XSS) attacks or unintended remote code execution.
The plugin's strengths lie in its secure database interaction and its clean vulnerability track record. This suggests the developers may have a good understanding of SQL security. Nonetheless, the glaring lack of output escaping is a critical oversight that leaves the plugin highly susceptible to XSS vulnerabilities. Coupled with the absence of any authorization checks (capability checks) on its entry points, this creates a substantial risk. The limited number of file operations and external HTTP requests, while present, are not currently flagged as problematic in taint analysis, but their risk is amplified by the other identified weaknesses.
In conclusion, while the plugin has a strong history of security and avoids common SQL pitfalls, the pervasive lack of output escaping and authorization checks represents a significant security deficit. The plugin's current configuration exposes users to a high risk of XSS and potentially other injection attacks. Remediation efforts should prioritize implementing robust output escaping mechanisms and adding appropriate capability checks to protect against unauthorized access and malicious code injection.
Key Concerns
- 0% output properly escaped
- 0 Nonce checks
- 0 Capability checks
- 1 File operation
- 3 External HTTP requests
Daily Zman Widget Security Vulnerabilities
Daily Zman Widget Code Analysis
Output Escaping
Daily Zman Widget Attack Surface
WordPress Hooks 1
Daily Zman Widget Maintenance & Trust
Maintenance Signals
Community Trust
Daily Zman Widget Alternatives
Zmanim WP
zmanim-wp
This plugin lets you configure a variety of halachic time calculations and add them via shortcodes.
Muslim Prayer Time-Salah/Iqamah
masjidal
Display the prayer (Athan) and/or Iqamah time for your masjid or location. Use as a widget or use the shortcodes and format it as you like.
Muslim Prayer Times
muslim-prayer-times
Add accurate prayer times and iqama schedules to your WordPress site using blocks or shortcodes.
Shabbat Zman Widget
adatosystems-friday-zmanim
THIS PLUGIN IS NO LONGER SUPPORTED!!
XllenTech Salat Timings
xllentech-salat-timings
Salat Timings Plugin to display Salat Timings Daily by widget and Monthly by shortcode. Works on Calculation method that is derived by moonsighting.
Daily Zman Widget Developer Profile
3 plugins · 70 total installs
How We Detect Daily Zman Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/daily-zman-widget/zmandaily.php
HTML / DOM Fingerprints
zman-daily
id="zmantitle"
id="dailyzman"
id="zmanbigtitle"