Does fitness calculators have any unpatched vulnerabilities?

No. All known vulnerabilities in fitness calculators have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is fitness calculators compatible with WordPress 6.8.5?

According to WordPress.org data, fitness calculators 2.1.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is fitness calculators updated?

fitness calculators was last updated on May 26, 2025. Frequent updates are generally a positive security signal.

What is fitness calculators's security score?

fitness calculators has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

fitness calculators Security & Risk Analysis

wordpress.org/plugins/fitness-calculators

Plugin for calculating Water intake, BMI calculator, protein Intake for the fitness freaks.

700 active installs v2.1.10 PHP + WP 6.8+ Updated May 26, 2025

bfp-body-fat-percentage-calculatorbmi-calculatorfitness-calculatorprotein-intake-calculatorwater-intake-calculator

A · Safe

CVEs total2

Unpatched0

Last CVEAug 16, 2023

Download

Safety Verdict

Is fitness calculators Safe to Use in 2026?

Generally Safe

Score 99/100

fitness calculators has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 16, 2023Updated 10mo ago

Risk Assessment

The "fitness-calculators" plugin v2.1.10 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and implementing nonce checks on all its entry points. It also has no file operations or external HTTP requests, which are generally good security indicators.

However, a significant concern arises from the low percentage of properly escaped output (28%), indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. While taint analysis shows no identified flows with unsanitized paths in this specific static analysis, the history of two medium-severity XSS vulnerabilities, with the last one being relatively recent (August 2023), strongly suggests that the identified output escaping issues could indeed be exploited. The absence of capability checks on its five shortcodes, while protected by nonces, could also be a concern depending on the functionality of these shortcodes.

Overall, the plugin has strengths in its handling of SQL and basic security checks. Nonetheless, the prevalent lack of output escaping combined with its vulnerability history points to a substantial risk of XSS. It is crucial to address the output escaping issues to mitigate this risk, especially given the plugin's past vulnerability patterns.

Key Concerns

Significant unescaped output detected
History of 2 medium XSS vulnerabilities
No capability checks on shortcodes

Vulnerabilities

fitness calculators Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2023-40552medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings

Aug 16, 2023 Patched in 2.0.9 (223d)

CVE-2021-24272medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fitness Calculators <= 1.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 14, 2021 Patched in 1.9.6 (1014d)

Code Analysis

Analyzed Mar 16, 2026

fitness calculators Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

32 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

28% escaped116 total outputs

Attack Surface

fitness calculators Attack Surface

Entry Points5

Unprotected0

Shortcodes 5

[fcp-water-intake-calculator] includes\fc-class-short-code.php:809

[fcp-protein-intake-calculator] includes\fc-class-short-code.php:812

[fcp-bmi-calculator] includes\fc-class-short-code.php:815

[fcp-bfc-calculator] includes\fc-class-short-code.php:818

[fcp-cc-calculator] includes\fc-class-short-code.php:820

WordPress Hooks 4

actionadmin_menuincludes\fc-class-settings.php:10

actionadmin_enqueue_scriptsincludes\fc-class-settings.php:11

actionwidgets_initincludes\fc-class-widgets.php:10

actionwp_enqueue_scriptsincludes\js_css_register.php:32

Maintenance & Trust

fitness calculators Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 26, 2025

PHP min version

Downloads23K

Community Trust

Rating82/100

Number of ratings8

Active installs700

Alternatives

fitness calculators Alternatives

fitnessbliss calculators plugin

fitnessbliss-calculators

Plugin for calculating Water intake, BMI calculator, protein Intake for the fitness freaks.

10 No CVEs

Human BMI Calculator

human-bmi-calculator

Human BMI (Body Mass Index) Calculator will help you to check your current BMI for your height and weight.

10 No CVEs

CC BMI Calculator

cc-bmi-calculator

Add a free simple customizable BMI Calculator to your web site.

900 2 CVEs

Calculate BMR and BMI

calculate-bmr

Enhance your site with our plugin, easily integrating BMR/BMI calculators into your Pages/Posts

200 No CVEs

BMI Calculator by Calculator.iO

ci-bmi-calculator

The free Body Mass Index calculator, also known as BMI, computes and classifies BMI for children and adults using data obtained from WHO and CDC.

100 No CVEs

Developer Profile

fitness calculators Developer Profile

gurcharan singh

1 plugin · 700 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

619 days

View full developer profile

Detection Fingerprints

How We Detect fitness calculators

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fitness-calculators/wp-color-picker-script.js/wp-content/plugins/fitness-calculators/css/admin-style.css/wp-content/plugins/fitness-calculators/css/water-intake-calculator.css/wp-content/plugins/fitness-calculators/css/bmi-calculator.css/wp-content/plugins/fitness-calculators/css/protien-intake-calculator.css/wp-content/plugins/fitness-calculators/css/body-fat-calculator.css/wp-content/plugins/fitness-calculators/css/carb-calculator.css/wp-content/plugins/fitness-calculators/js/water-intake-calculator.js+5 more

Script Paths

/wp-content/plugins/fitness-calculators/wp-color-picker-script.js/wp-content/plugins/fitness-calculators/js/general.js

Version Parameters

fitness-calculators/css/admin-style.css?ver=fitness-calculators/css/water-intake-calculator.css?ver=fitness-calculators/css/bmi-calculator.css?ver=fitness-calculators/css/protien-intake-calculator.css?ver=fitness-calculators/css/body-fat-calculator.css?ver=fitness-calculators/css/carb-calculator.css?ver=fitness-calculators/js/water-intake-calculator.js?ver=fitness-calculators/js/bmi-calculator.js?ver=fitness-calculators/js/protien-intake-calculator.js?ver=fitness-calculators/js/body-fat-calculator.js?ver=fitness-calculators/js/carb-calculator.js?ver=fitness-calculators/js/general.js?ver=fitness-calculators/wp-color-picker-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

card-fcpfcp-admin-menufcp-water-intake-calculatorfcp-bmi-calculatorfcp-protein-calculatorfcp-body-fat-calculatorfcp-carb-calculator

Data Attributes

data-fcp-type

JS Globals

fcp_general_scripts

Shortcode Output

[fcp-water-intake-calculator][fcp-bmi-calculator][fcp-protein-calculator][fcp-body-fat-calculator]

FAQ