Does Five Prayer have any unpatched vulnerabilities?

No. All known vulnerabilities in Five Prayer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Five Prayer compatible with WordPress 6.9.4?

According to WordPress.org data, Five Prayer 2.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Five Prayer compatible with PHP 7.4+?

Five Prayer requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Five Prayer updated?

Five Prayer was last updated on Feb 2, 2026. Frequent updates are generally a positive security signal.

What is Five Prayer's security score?

Five Prayer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Five Prayer Security & Risk Analysis

wordpress.org/plugins/fiveprayer

Five Prayer displays accurate Muslim prayer times and timetables directly inside WordPress.

10 active installs v2.3.0 PHP 7.4+ WP 6.7+ Updated Feb 2, 2026

islamicmuslimprayerquransalat

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Five Prayer Safe to Use in 2026?

Generally Safe

Score 100/100

Five Prayer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The 'fiveprayer' plugin v2.3.0 exhibits a generally strong security posture based on the provided static analysis. A notable strength is the absence of any critical or high-severity taint flows, and all identified entry points (AJAX handlers, REST API routes) appear to have proper authentication and permission checks. The plugin also demonstrates good practices with a high percentage of SQL queries utilizing prepared statements and a reasonable amount of output escaping. The lack of any recorded vulnerabilities, including CVEs, further contributes to a positive security assessment.

However, there are areas that warrant attention. While the majority of SQL queries are prepared, a small percentage are not, which could pose a risk if these queries handle user-supplied input without proper sanitization, though this is not explicitly indicated as a vulnerability. The file operation count is relatively high, and while no specific issues are flagged, this is an area where vulnerabilities can sometimes be introduced. The external HTTP request is a minor concern, as it could be a potential vector for SSRF or information leakage if not handled carefully, though again, no specific issues are detailed. The overall low number of identified flows in the taint analysis might indicate a smaller plugin codebase, which can be positive, but it also means there's less data to assess the full scope of potential risks.

Key Concerns

SQL queries without prepared statements
Unescaped output (30% of outputs)
External HTTP requests

Vulnerabilities

None known

Five Prayer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Five Prayer Code Analysis

Dangerous Functions

Raw SQL Queries

80 prepared

Unescaped Output

173

397 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

85% prepared94 total queries

Output Escaping

70% escaped570 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

handleESIRequest (php\classes\core\Assets\ESIDynamicContentHandler.php:106)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Five Prayer Attack Surface

Entry Points34

Unprotected0

AJAX Handlers 17

authwp_ajax_fp_api_create_keyphp\classes\core\Admin\ApiAdmin.php:21

authwp_ajax_fp_api_revoke_keyphp\classes\core\Admin\ApiAdmin.php:22

authwp_ajax_fp_api_delete_keyphp\classes\core\Admin\ApiAdmin.php:23

authwp_ajax_fiveprayer_get_logsphp\classes\core\Admin\LoggingAdmin.php:26

noprivwp_ajax_fiveprayer_dynamic_contentphp\classes\core\Ajax\DynamicContentHandler.php:11

authwp_ajax_fiveprayer_dynamic_contentphp\classes\core\Ajax\DynamicContentHandler.php:12

authwp_ajax_fiveprayer_memory_testphp\classes\core\controllers\api\endpoints\MemoryTestController.php:11

noprivwp_ajax_fiveprayer_memory_testphp\classes\core\controllers\api\endpoints\MemoryTestController.php:12

authwp_ajax_get_next_prayerphp\classes\core\controllers\api\endpoints\PrayerSettingsMetaController.php:448

noprivwp_ajax_get_next_prayerphp\classes\core\controllers\api\endpoints\PrayerSettingsMetaController.php:449

authwp_ajax_fiveprayer_load_timetablephp\classes\core\controllers\api\endpoints\PrayerSettingsMetaController.php:450

noprivwp_ajax_fiveprayer_load_timetablephp\classes\core\controllers\api\endpoints\PrayerSettingsMetaController.php:451

authwp_ajax_fiveprayer_get_dynamic_field_valuephp\classes\core\helpers\MetaField\Breakdance\BreakdanceAPI.php:73

noprivwp_ajax_fiveprayer_get_dynamic_field_valuephp\classes\core\helpers\MetaField\Breakdance\BreakdanceAPI.php:76

authwp_ajax_fp_dismiss_noticephp\classes\core\helpers\WarningNotice\WarningNotice.php:22

authwp_ajax_fiveprayer_dynamic_contentphp\classes\core\Shortcodes.php:22

noprivwp_ajax_fiveprayer_dynamic_contentphp\classes\core\Shortcodes.php:23

REST API Routes 3

GET/wp-json/fiveprayer/v1/logging-settingsFiveprayer.php:819

POST/wp-json/fiveprayer/v1/logging-settingsFiveprayer.php:827

GET/wp-json/fiveprayer/v1/png-urlphp\classes\core\controllers\api\endpoints\PngUrlController.php:29

Shortcodes 14

[Fp_TimeTable_Monthly] php\classes\core\ShortCodes\ShortCodeTimetableMonth.php:19

[Fp_Vertical_Daily_Prayer] php\classes\core\ShortCodes\ShortCodeVerticalDailyPrayer.php:65

[fiveprayer_widget] php\classes\core\Shortcodes.php:28

[Fp_TimeTable_Monthly] php\classes\core\Shortcodes.php:31

[Fp_Vertical_Daily_Prayer] php\classes\core\Shortcodes.php:32

[Fp_Single_Fajr] php\classes\core\Shortcodes.php:35

[Fp_Single_Sunrise] php\classes\core\Shortcodes.php:36

[Fp_Single_Dhuhr] php\classes\core\Shortcodes.php:37

[Fp_Single_Asr] php\classes\core\Shortcodes.php:38

[Fp_Single_Maghrib] php\classes\core\Shortcodes.php:39

[Fp_Single_Isha] php\classes\core\Shortcodes.php:40

[Fp_Single_CurrentTime] php\classes\core\Shortcodes.php:41

[Fp_Single_CurrentDate] php\classes\core\Shortcodes.php:42

[Fp_Single_NextPrayer] php\classes\core\Shortcodes.php:43

WordPress Hooks 126

actioninitFiveprayer.php:54

actionplugins_loadedFiveprayer.php:60

actionenqueue_block_editor_assetsFiveprayer.php:111

filterlitespeed_optimize_css_async_inlineFiveprayer.php:158

filterlitespeed_optm_tiny_htmlFiveprayer.php:159

actionwpFiveprayer.php:182

filterrocket_cache_reject_uriFiveprayer.php:189

filterw3tc_pagecache_process_requestFiveprayer.php:193

filterdo_createsupercacheFiveprayer.php:197

actionlitespeed_purge_postFiveprayer.php:200

actionsend_headersFiveprayer.php:203

actionwp_headFiveprayer.php:206

actioninitFiveprayer.php:209

actionwp_enqueue_scriptsFiveprayer.php:371

actionadmin_enqueue_scriptsFiveprayer.php:372

actionwpFiveprayer.php:426

actionwpFiveprayer.php:439

actionplugins_loadedFiveprayer.php:685

actionplugins_loadedFiveprayer.php:810

actionrest_api_initFiveprayer.php:818

actionplugins_loadedFiveprayer.php:843

actioninitFiveprayer.php:1219

actionfiveprayer_hourly_cache_checkFiveprayer.php:1231

actioninitFiveprayer.php:1242

actionfiveprayer_check_next_prayer_changeFiveprayer.php:1337

filtercron_schedulesFiveprayer.php:1349

actioninitFiveprayer.php:1360

actionfiveprayer_twice_daily_cache_checkFiveprayer.php:1372

actionbreakdance_loadedFiveprayer.php:1413

actioninitFiveprayer.php:1462

actioninitFiveprayer.php:1465

filterfiveprayer_enable_oxygen_integrationFiveprayer.php:1737

filterfiveprayer_enable_breakdance_integrationFiveprayer.php:1747

actionadmin_menuphp\classes\core\Admin\ApiAdmin.php:19

actionadmin_enqueue_scriptsphp\classes\core\Admin\ApiAdmin.php:20

actionadmin_menuphp\classes\core\Admin\LoggingAdmin.php:20

actionadmin_post_fiveprayer_save_logging_settingsphp\classes\core\Admin\LoggingAdmin.php:21

actionadmin_post_fiveprayer_clear_logsphp\classes\core\Admin\LoggingAdmin.php:22

actionadmin_post_fiveprayer_download_log_filephp\classes\core\Admin\LoggingAdmin.php:23

actionadmin_enqueue_scriptsphp\classes\core\Admin\LoggingAdmin.php:29

actionadmin_menuphp\classes\core\Admin\SettingsAdmin.php:23

actionadmin_post_fiveprayer_import_translationsphp\classes\core\Admin\SettingsAdmin.php:24

actionadmin_post_fiveprayer_reset_defaults_softphp\classes\core\Admin\SettingsAdmin.php:25

actionadmin_post_fiveprayer_reset_defaults_hardphp\classes\core\Admin\SettingsAdmin.php:26

actionadmin_post_fiveprayer_export_translationsphp\classes\core\Admin\SettingsAdmin.php:27

actionadmin_post_fiveprayer_force_clear_cachesphp\classes\core\Admin\SettingsAdmin.php:28

actionadmin_noticesphp\classes\core\Admin\SettingsAdmin.php:29

actionadmin_enqueue_scriptsphp\classes\core\AdminHtmlInjector.php:9

actionadmin_menuphp\classes\core\AdminMenu.php:18

actionadmin_headphp\classes\core\AdminMenu.php:19

actioninitphp\classes\core\Assets\ESIDynamicContentHandler.php:310

actionsend_headersphp\classes\core\Assets\ESIDynamicContentHandler.php:313

actionwp_enqueue_scriptsphp\classes\core\Assets.php:27

actionadmin_enqueue_scriptsphp\classes\core\Assets.php:28

actionenqueue_block_assetsphp\classes\core\Assets.php:29

filterblock_categories_allphp\classes\core\Blocks\BlockRegistrar.php:26

filterscript_loader_srcphp\classes\core\Cache\CacheControl.php:28

filterstyle_loader_srcphp\classes\core\Cache\CacheControl.php:29

filterrocket_override_donotcachepagephp\classes\core\Cache\StandardCacheControl.php:14

filterrocket_cache_reject_uriphp\classes\core\Cache\StandardCacheControl.php:15

actionwp_enqueue_scriptsphp\classes\core\Calendar\CalendarGenerator.php:29

actionfiveprayer_clear_calendar_generator_cachephp\classes\core\Calendar\CalendarGenerator.php:32

actionrest_api_initphp\classes\core\controllers\api\ApiControllerRegistrar.php:14

actionrest_api_initphp\classes\core\controllers\api\endpoints\PrayerSettingsMetaController.php:21

actionrest_api_initphp\classes\core\controllers\api\endpoints\PrayerTimeTableController.php:21

actionrest_api_initphp\classes\core\controllers\api\endpoints\TranslateController.php:19

actionwp_headphp\classes\core\Daily\Styles\DailyStyleDynamic.php:74

actionwp_footerphp\classes\core\Daily\Styles\DailyStyleDynamic.php:75

actionwp_footerphp\classes\core\Daily\Styles\DailyStyleDynamic.php:76

actionwp_headphp\classes\core\Daily\Styles\DailyStyleDynamic.php:78

actioninitphp\classes\core\DynamicContent.php:15

filterthe_contentphp\classes\core\DynamicTextParser.php:14

filterwidget_textphp\classes\core\DynamicTextParser.php:15

filterthe_excerptphp\classes\core\DynamicTextParser.php:16

actionwp_headphp\classes\core\DynamicTextParser.php:19

actionwp_footerphp\classes\core\helpers\FivePrayer_Highlighter.php:40

actionwp_enqueue_scriptsphp\classes\core\helpers\LiveTimeFormatted.php:22

actionenqueue_block_assetsphp\classes\core\helpers\LiveTimeFormatted.php:25

actionbreakdance_loadedphp\classes\core\helpers\MetaField\Breakdance\init.php:13

filterthe_contentphp\classes\core\helpers\MetaField\DynamicTextHandler.php:31

filterwidget_textphp\classes\core\helpers\MetaField\DynamicTextHandler.php:32

filterthe_excerptphp\classes\core\helpers\MetaField\DynamicTextHandler.php:33

filterfiveprayer_dynamic_text_patternsphp\classes\core\helpers\MetaField\DynamicTextHandler.php:36

actioninitphp\classes\core\helpers\MetaField\MetaFieldGenerator.php:64

actioninitphp\classes\core\helpers\MetaField\MetaFieldGenerator.php:65

actionelementor/dynamic_tags/registerphp\classes\core\helpers\MetaField\MetaFieldGenerator.php:69

actionacf/initphp\classes\core\helpers\MetaField\PageBuilderCompat.php:46

filteracf/get_field_referencephp\classes\core\helpers\MetaField\PageBuilderCompat.php:50

filteracf/get_field_groupphp\classes\core\helpers\MetaField\PageBuilderCompat.php:51

actionelementor/dynamic_tags/registerphp\classes\core\helpers\MetaField\PageBuilderCompat.php:133

actioninitphp\classes\core\helpers\MetaField\PageBuilderCompat.php:145

filteracf/format_valuephp\classes\core\helpers\MetaField\PageBuilderCompat.php:289

actioninitphp\classes\core\helpers\MetaFieldGenerator.php:36

actioninitphp\classes\core\helpers\MetaFieldGenerator.php:37

actionelementor/dynamic_tags/registerphp\classes\core\helpers\MetaFieldGenerator.php:41

filterthe_contentphp\classes\core\helpers\MetaFieldGenerator.php:177

filterwidget_textphp\classes\core\helpers\MetaFieldGenerator.php:178

filterthe_excerptphp\classes\core\helpers\MetaFieldGenerator.php:179

filterfiveprayer_dynamic_text_patternsphp\classes\core\helpers\MetaFieldGenerator.php:182

actionacf/initphp\classes\core\helpers\MetaFieldGenerator.php:452

filteracf/get_field_referencephp\classes\core\helpers\MetaFieldGenerator.php:456

filteracf/get_field_groupphp\classes\core\helpers\MetaFieldGenerator.php:457

filteracf/format_valuephp\classes\core\helpers\MetaFieldGenerator.php:596

actionadmin_noticesphp\classes\core\helpers\WarningNotice\DatabaseMissingNotice.php:11

actionadmin_initphp\classes\core\helpers\WarningNotice\WarningNotice.php:21

actionadmin_noticesphp\classes\core\helpers\WarningNotice\WarningNotice.php:25

actionadmin_noticesphp\classes\core\helpers\WarningNotice\WarningNotice.php:35

actionadmin_enqueue_scriptsphp\classes\core\helpers\WarningNotice\WarningNotice.php:36

actioninitphp\classes\core\initRegister.php:12

actionupdate_option_fiveprayer_settingsphp\classes\core\initRegister.php:14

actionupdate_option_fiveprayer_style_settingsphp\classes\core\initRegister.php:15

actionwp_enqueue_scriptsphp\classes\core\initRegister.php:72

actionwp_loadedphp\classes\core\Plugin.php:45

actionwp_enqueue_scriptsphp\classes\core\Plugin.php:58

actioninitphp\classes\core\Plugin.php:136

actioninitphp\classes\core\Plugin.php:168

actioninitphp\classes\core\ShortCodes\ShortCodesSinglePrayers.php:165

actionwp_enqueue_scriptsphp\classes\core\ShortCodes\ShortCodesSinglePrayers.php:166

actionwp_enqueue_scriptsphp\classes\core\ShortCodes\ShortCodesSinglePrayers.php:167

actionsave_postphp\classes\core\ShortCodes\ShortCodesSinglePrayers.php:168

actioninitphp\classes\core\ShortCodes\ShortCodeTimetableMonth.php:14

actioninitphp\classes\core\ShortCodes\ShortCodeVerticalDailyPrayer.php:39

actionwp_enqueue_scriptsphp\classes\core\ShortCodes\ShortCodeVerticalDailyPrayer.php:40

actioninitphp\classes\core\Shortcodes.php:15

actionupdated_optionphp\classes\core\Shortcodes.php:18

actionfiveprayer_invalidate_allphp\classes\core\Shortcodes.php:19

Scheduled Events 3

fiveprayer_hourly_cache_check

fiveprayer_check_next_prayer_change

fiveprayer_twice_daily_cache_check

Maintenance & Trust

Five Prayer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 2, 2026

PHP min version7.4

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Five Prayer Alternatives

Daily Prayer Time

daily-prayer-time-for-mosques

Display prayer time in any screen, in any language and many more.

1K 6 CVEs

Salat Times

salat-times

100

Salat (Namaz) timetable for any location around the world!

600 1 CVE

Muslim Prayer Times

muslim-prayer-times

100

Add accurate prayer times and iqama schedules to your WordPress site using blocks or shortcodes.

70 No CVEs

Beautiful Salat

beautiful-salat

100

Simple, beautiful, lightweight prayer times plugin with Gutenberg blocks for easy editing.

50 No CVEs

Salat Timing Widget

salat-time

100

This plugin build widget for salat timing.

10 No CVEs

Developer Profile

Five Prayer Developer Profile

AhsanulBarakah

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Five Prayer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fiveprayer/php/classes/core/Assets/JS/modify-block-supports.js

Script Paths