Does ForexRateAPI have any unpatched vulnerabilities?

No. All known vulnerabilities in ForexRateAPI have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ForexRateAPI compatible with WordPress 6.9.4?

According to WordPress.org data, ForexRateAPI 1.1.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is ForexRateAPI updated?

ForexRateAPI was last updated on Feb 17, 2026. Frequent updates are generally a positive security signal.

What is ForexRateAPI's security score?

ForexRateAPI has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ForexRateAPI Security & Risk Analysis

wordpress.org/plugins/forexrateapi

Display live or historical foreign exchange (forex) rates in over 150+ currencies

10 active installs v1.1.7 PHP + WP 5.0+ Updated Feb 17, 2026

currencyforeign-exchange-ratesforex-ratesstockdioticker

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is ForexRateAPI Safe to Use in 2026?

Generally Safe

Score 100/100

ForexRateAPI has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The forexrateapi plugin v1.1.7 demonstrates a strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities, and unescaped output are significant strengths. The use of prepared statements for all SQL queries further reinforces this, indicating good development practices for data handling. The plugin also implements nonce checks, which is a crucial security measure for preventing cross-site request forgery. However, the lack of capability checks on any entry points is a notable concern, as it implies that actions performed by the shortcodes might be accessible to users without specific permissions. While no critical or high-severity taint flows were identified, and the plugin has no recorded vulnerability history, the missing capability checks represent a potential avenue for privilege escalation or unauthorized access if the shortcodes perform sensitive operations.

Key Concerns

No capability checks on entry points

Vulnerabilities

None known

ForexRateAPI Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ForexRateAPI Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

37 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped37 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

save_forexrateapi_option (forexrateapi.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ForexRateAPI Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[forexrateapi] forexrateapi.php:28

[forexrateapi_change] forexrateapi.php:29

WordPress Hooks 1

actionadmin_menuforexrateapi.php:30

Maintenance & Trust

ForexRateAPI Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 17, 2026

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

ForexRateAPI Alternatives

Cryptocurrency Widgets – Price Ticker & Coins List

cryptocurrency-price-ticker-widget

Display cryptocurrency price ticker widget, coins live price list, table, labels & coin marketcap via shortcodes.

8K 4 CVEs

Cryptocurrency Widgets Pack

cryptocurrency-widgets-pack

Price ticker, table, cards, label widget for all cryptocurrencies using Coingecko API.

900 1 unpatched

Cryptocurrency Price Widget

cryptocurrency-price-widget

Gives you a customizable Cryptocurrency Price Widget for website with ⚡live real-time price update and flexible settings.

200 1 CVE

Cryptocurrency Widgets From Coinlib

cryptocurrency-widgets-from-coinlib

Full free cryptocurrency widget pack from Coinlib (https://coinlib.io).

40 No CVEs

Crypto Coin Ticker

crypto-coin-ticker

Display a list of prices for all your favorite cryptocurrencies like Bitcoin, Ethereum, Litecoin and more!

30 No CVEs

Developer Profile

ForexRateAPI Developer Profile

forexrateapi

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ForexRateAPI

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/forexrateapi/module/currency_symbols.php

HTML / DOM Fingerprints

Shortcode Output

[forexrateapi][forexrateapi_change]

FAQ