Ephemeris Security & Risk Analysis
wordpress.org/plugins/ephemerisAdds a sidebar widget that display from the astrological sky the sun sign, the moon sign and the moon phase.
Is Ephemeris Safe to Use in 2026?
Generally Safe
Score 85/100Ephemeris has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The Ephemeris v2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerability history, suggesting a generally stable codebase. The limited attack surface, with only one shortcode and no AJAX handlers or REST API routes, further contributes to a reduced threat landscape.
However, significant concerns arise from the static analysis. The presence of the `create_function` dangerous function, along with a very low percentage of properly escaped output (only 3%), indicates a high potential for cross-site scripting (XSS) vulnerabilities. The lack of nonce and capability checks on its entry points means that even its limited attack surface is potentially vulnerable to unauthorized actions if an attacker can trigger the shortcode. The absence of taint analysis results is not necessarily a positive sign, as it could indicate that the analysis itself was incomplete or that the tools could not identify any flows, which doesn't negate the risk posed by unescaped output and dangerous functions.
In conclusion, while Ephemeris v2.1 benefits from a small attack surface and good SQL practices, the identified code signals of `create_function` and widespread unescaped output, combined with the lack of critical security checks, present a notable risk. The plugin's history of no vulnerabilities is encouraging but does not mitigate the immediate risks identified in the current version's code.
Key Concerns
- Dangerous function (create_function)
- Low percentage of properly escaped output
- Missing nonce checks
- Missing capability checks
Ephemeris Security Vulnerabilities
Ephemeris Code Analysis
Dangerous Functions Found
Output Escaping
Ephemeris Attack Surface
Shortcodes 1
WordPress Hooks 1
Maintenance & Trust
Ephemeris Maintenance & Trust
Maintenance Signals
Community Trust
Ephemeris Alternatives
AstroBene
astrobene
Astrological weather informer (accurate forecast at once for all zodiac signs) for every day. * Russian.
EZ Horoscope Professional
ez-horoscope
Astrologically accurate horoscopes with cosmic insights, advice, birth charts, and AI voice agents for chatting about readings.
The Daily Horoscope
the-daily-horoscope
Add The Daily Horoscope Plugin to your widgets, posts and pages. Select your sign and read your daily horoscope.
Monthly Horoscopes
monthly-horoscopes
Add up to 12 months of sun sign monthly horoscopes to your sites pages and posts pages with this free and easy to install WordPress plugin.
Tarot and Horoscope
tarot-and-horoscope
Add interactive tarot card games and live chat to your WordPress site for free, powered by TarotandHoroscope.com.
Ephemeris Developer Profile
9 plugins · 1K total installs
How We Detect Ephemeris
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/ephemeris/css/ephemeris.css/wp-content/plugins/ephemeris/js/ephemeris.js/wp-content/plugins/ephemeris/js/ephemeris.jsephemeris/style.css?ver=ephemeris/script.js?ver=HTML / DOM Fingerprints
ephemeris_ajaxurlephemeris_moon_phase_imagesephemeris_zodiac_imagesephemeris_language<!-- Ephemeris Widget --><div class="ephemeris-widget"><span class="ephemeris-moon-phase"><img src="