WP-Safety

Dynamic Time Security & Risk Analysis

wordpress.org/plugins/dynamic-time

The number one timesheet plugin for WordPress. A simple calendar-based timecard and time management solution.

200 active installs v5.4.23 PHP + WP 6.0+ Updated Oct 28, 2025
time-managementtime-punchtime-tracktimecardtimesheet
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Dynamic Time Safe to Use in 2026?

Generally Safe

Score 100/100

Dynamic Time has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The 'dynamic-time' plugin v5.4.23 exhibits a generally strong security posture. The absence of any known CVEs, combined with a significant number of capability checks and nonce checks, indicates a proactive approach to security by the developers. The plugin also demonstrates good practices by largely utilizing prepared statements for SQL queries and properly escaping a majority of its outputs. Furthermore, the lack of external HTTP requests minimizes risks associated with compromised external services.

However, a few areas warrant attention. The presence of two dangerous 'unserialize' functions, especially when coupled with one flow with an unsanitized path, presents a potential risk. If user-controlled data is allowed to reach these unserialize calls without proper sanitization, it could lead to serious vulnerabilities such as Remote Code Execution. While the taint analysis did not flag critical or high severity issues, this specific flow needs careful monitoring and validation of its sanitization. The plugin's total entry points are low, and importantly, none are unprotected, which is a significant strength.

In conclusion, 'dynamic-time' v5.4.23 is a reasonably secure plugin with good development practices. The primary concern lies with the 'unserialize' functions and the identified unsanitized flow, which, while not currently exploited or leading to critical issues in the analysis, represents a latent risk that should be addressed to further harden the plugin's security.

Key Concerns

  • Dangerous unserialize function usage
  • Flow with unsanitized path identified
  • SQL queries using prepared statements (50%)
  • Output escaping (68% properly escaped)
Vulnerabilities
None known

Dynamic Time Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Dynamic Time Code Analysis

Dangerous Functions
2
Raw SQL Queries
6
6 prepared
Unescaped Output
116
252 escaped
Nonce Checks
4
Capability Checks
21
File Operations
4
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$pto_val=unserialize($row->PTO);time_admin.php:779
unserialize$pto_tots=@unserialize($pto_tot);time_functions.php:338

SQL Query Safety

50% prepared12 total queries

Output Escaping

68% escaped368 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<time_cal> (time_cal.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Dynamic Time Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[dyt_admin] time_functions.php:45
[dynamicTime] time_functions.php:65
WordPress Hooks 9
actionwp_enqueue_scriptstime_cal.php:34
actionactivated_plugintime_functions.php:24
actionadmin_headtime_functions.php:36
actionadmin_menutime_functions.php:38
actionadmin_noticestime_functions.php:173
actionadmin_inittime_functions.php:175
filterwp_mail_content_typetime_functions.php:317
filterwp_mail_fromtime_functions.php:318
filterwp_mail_from_nametime_functions.php:319
Maintenance & Trust

Dynamic Time Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 28, 2025
PHP min version
Downloads60K

Community Trust

Rating94/100
Number of ratings21
Active installs200
Alternatives

Dynamic Time Alternatives

Time Tracker

Time Tracker

time-tracker

A
98

Time Tracker enables freelancers to clients, projects, tasks (including recurring), time, billing info and more on private pages of their website.

30 1 CVE
UDSSL Time Tracker

UDSSL Time Tracker

udssl-time-tracker

A
85

UDSSL Time Tracker helps you to precisely track your time. Charts allows you to visualize how your time is spent and helps you to be more productive.

10 No CVEs
SD Timer – Live Time Tracker for Frontend & Backend

SD Timer – Live Time Tracker for Frontend & Backend

sd-timer

A
100

Best Time Tracker Plugin for WordPress websites. Make time management easier and simple.

0 No CVEs
User Activity Tracking and Log

User Activity Tracking and Log

user-activity-tracking-and-log

A
99

Track time and monitor user activity & history on your website, LMS online learning system, membership or WooCommerce site.

3K 2 CVEs
Simple Countdown Timer

Simple Countdown Timer

simple-countdown

A
100

Simple Countdown Timer Plugin allows you to easily create and customize countdown timers for your website. Whether you're counting down to a sale &hellip;

1K No CVEs
Developer Profile

Dynamic Time Developer Profile

RLDD

8 plugins · 5K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect Dynamic Time

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dynamic-time/assets/time_min.css/wp-content/plugins/dynamic-time/assets/time_min.js
Script Paths
/wp-content/plugins/dynamic-time/assets/time_min.js
Version Parameters
dynamic-time/assets/time_min.css?v=dynamic-time/assets/time_min.js?v=

HTML / DOM Fingerprints

CSS Classes
dyt_adminMenuCSS
Data Attributes
data-dyt-id
JS Globals
window.dyt_max_widthwindow.dyt_version
Shortcode Output
[dyt_admin][dynamicTime]
FAQ

Frequently Asked Questions about Dynamic Time