Does Exchange Rate Table have any unpatched vulnerabilities?

No. All known vulnerabilities in Exchange Rate Table have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Exchange Rate Table compatible with WordPress 6.5.8?

According to WordPress.org data, Exchange Rate Table 1.4 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is Exchange Rate Table updated?

Exchange Rate Table was last updated on May 14, 2024. Frequent updates are generally a positive security signal.

What is Exchange Rate Table's security score?

Exchange Rate Table has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Exchange Rate Table Security & Risk Analysis

wordpress.org/plugins/exchange-rate-table

Display an exchange rate table for any currency in the world. Select from a choice of table sizes and formats.

300 active installs v1.4 PHP + WP 2.8+ Updated May 14, 2024

currency-exchangecurrency-ratesexchange-ratesforeign-exchangefx

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Exchange Rate Table Safe to Use in 2026?

Generally Safe

Score 92/100

Exchange Rate Table has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'exchange-rate-table' plugin, version 1.4, exhibits a concerning security posture despite a clean vulnerability history. The static analysis reveals several critical weaknesses, most notably the presence of the 'unserialize' function without any apparent authorization or capability checks. This function is notorious for leading to Remote Code Execution (RCE) vulnerabilities if an attacker can control the serialized data. Furthermore, a complete lack of output escaping across all identified outputs is a significant concern. This means any data displayed by the plugin could be vulnerable to Cross-Site Scripting (XSS) attacks, allowing attackers to inject malicious scripts into user browsers. The absence of any recorded CVEs is positive, but it does not negate the inherent risks identified in the code itself. The plugin’s static analysis indicates a potentially large attack surface due to unprotected entry points. While the SQL queries are prepared, the other identified issues present substantial security risks.

Key Concerns

Presence of unserialize without auth checks
No output escaping on any output
No nonce checks
No capability checks

Vulnerabilities

None known

Exchange Rate Table Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Exchange Rate Table Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$currency_list = unserialize($currency_list_ser);exchange-rate-table.php:79

unserialize$currency_list = unserialize($currency_list_ser);exchange-rate-table.php:145

Output Escaping

0% escaped26 total outputs

Attack Surface

Exchange Rate Table Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initexchange-rate-table.php:19

Maintenance & Trust

Exchange Rate Table Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedMay 14, 2024

PHP min version

Downloads30K

Community Trust

Rating40/100

Number of ratings1

Active installs300

Alternatives

Exchange Rate Table Alternatives

Cryptocurrency Converter

cryptocurrency-converter

This plugin allows to add shortcode on your WordPress site and convert over 1,400 crypto currencies. [Cryptocurrency_Converter title="Your Title& …

10 No CVEs

Currency Exchange Rates Widget

exchangerate-api

The Currency Exchange Rates Widget is a powerful and easy-to-use plugin that allows you to display real-time currency exchange rates on your WordPress …

0 No CVEs