ForTrader widgets Security & Risk Analysis

wordpress.org/plugins/fortrader-informers

Financial widgets

10 active installs v0.1 PHP + WP 4.0+ Updated Sep 26, 2017
currencyinformerinformersquoteswidgets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is ForTrader widgets Safe to Use in 2026?

Generally Safe

Score 85/100

ForTrader widgets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The fortrader-informers plugin, at version 0.1, exhibits a mixed security posture. On the positive side, it has a very small attack surface with only two AJAX handlers, and notably, none of these are exposed without authentication. There are no identified CVEs, suggesting a history of responsible development or a lack of widespread scrutiny. However, significant concerns arise from the static analysis. The output escaping is alarmingly low, with only 9% of outputs properly escaped, creating a high risk of cross-site scripting (XSS) vulnerabilities. Furthermore, the lack of capability checks on the AJAX handlers, despite the absence of authentication checks, is a critical oversight that could lead to unauthorized actions if an attacker bypasses the implicit authentication. The plugin also performs 13 SQL queries, with a substantial 23% not using prepared statements, posing a risk of SQL injection, especially when combined with the lack of output sanitization.

While the absence of known vulnerabilities and a lack of critical taint flows are encouraging, the identified code signals point to significant potential weaknesses. The low output escaping percentage is the most pressing concern and represents a substantial risk of client-side vulnerabilities. The combination of unescaped output and SQL queries without prepared statements significantly increases the overall risk profile. The plugin's early version number may explain some of these shortcomings, but they require immediate attention to ensure security. The strengths lie in the limited attack surface and lack of known exploits, but these are overshadowed by the readily exploitable code-level issues.

Key Concerns

  • Low output escaping percentage
  • SQL queries without prepared statements
  • Lack of capability checks on entry points
Vulnerabilities
None known

ForTrader widgets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ForTrader widgets Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

ForTrader widgets Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
10 prepared
Unescaped Output
51
5 escaped
Nonce Checks
2
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

77% prepared13 total queries

Output Escaping

9% escaped56 total outputs
Attack Surface

ForTrader widgets Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_createInformerincludes\Main.php:45
authwp_ajax_editInformerincludes\Main.php:46
WordPress Hooks 5
actionplugins_loadedincludes\Main.php:23
actionadmin_menuincludes\Main.php:31
filteradmin_body_classincludes\Main.php:36
actionadmin_enqueue_scriptsincludes\Main.php:42
actionwidgets_initincludes\Main.php:48
Maintenance & Trust

ForTrader widgets Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30
Last updatedSep 26, 2017
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

ForTrader widgets Developer Profile

akadem87

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ForTrader widgets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fortrader-informers/assets/js/addEdit.js/wp-content/plugins/fortrader-informers/assets/js/bootstrap-colorpicker.min.js/wp-content/plugins/fortrader-informers/assets/js/bootstrap-colorpicker-plus.js/wp-content/plugins/fortrader-informers/assets/css/jquery-ui.css/wp-content/plugins/fortrader-informers/assets/css/addEdit.css/wp-content/plugins/fortrader-informers/assets/css/my.css/wp-content/plugins/fortrader-informers/assets/css/bootstrap-colorpicker.min.css/wp-content/plugins/fortrader-informers/assets/css/bootstrap-colorpicker-plus.css
Script Paths
/wp-content/plugins/fortrader-informers/assets/js/addEdit.js/wp-content/plugins/fortrader-informers/assets/js/bootstrap-colorpicker.min.js/wp-content/plugins/fortrader-informers/assets/js/bootstrap-colorpicker-plus.js
Version Parameters
fortrader-informers/assets/js/addEdit.js?ver=fortrader-informers/assets/js/bootstrap-colorpicker.min.js?ver=fortrader-informers/assets/js/bootstrap-colorpicker-plus.js?ver=fortrader-informers/assets/css/jquery-ui.css?ver=fortrader-informers/assets/css/addEdit.css?ver=fortrader-informers/assets/css/my.css?ver=fortrader-informers/assets/css/bootstrap-colorpicker.min.css?ver=fortrader-informers/assets/css/bootstrap-colorpicker-plus.css?ver=

HTML / DOM Fingerprints

CSS Classes
bootstrapColorpickerPlus
Data Attributes
data-colorpicker-plus
JS Globals
FtiHelperFtiModelFtiWidget
REST Endpoints
/wp-json/wp/v2/ft_widget
Shortcode Output
[ft_widget]
FAQ

Frequently Asked Questions about ForTrader widgets