WP-Safety

Investment Decision Helper Security & Risk Analysis

wordpress.org/plugins/investment-decision-helper

This tool will allow you to compare return rates of two different custom instruments in order to help you taking the best decision..

10 active installs v1.1.1 PHP + WP 3.8+ Updated Apr 16, 2014
calculatorfinancefinancingshortcodewidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Investment Decision Helper Safe to Use in 2026?

Generally Safe

Score 85/100

Investment Decision Helper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "investment-decision-helper" plugin v1.1.1 exhibits a mixed security posture. While it has no known historical vulnerabilities and utilizes prepared statements for all SQL queries, several significant concerns emerge from the static analysis. The presence of dangerous functions like `unserialize`, `create_function`, and `assert` is a major red flag, as these can be exploited to execute arbitrary code if user-supplied data is passed to them without proper sanitization. Furthermore, a taint analysis revealed a flow with an unsanitized path, indicating a potential vulnerability where data from an untrusted source could be used in a sensitive operation. The low percentage of properly escaped output (47%) also suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the lack of nonce checks on any entry points. The plugin's limited attack surface (one shortcode) and lack of external HTTP requests are positive aspects, but they are heavily outweighed by the critical code signals and taint flow.

Key Concerns

  • Dangerous functions found (unserialize, create_function, assert)
  • Taint flow with unsanitized path
  • Low output escaping percentage (47%)
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

Investment Decision Helper Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Investment Decision Helper Code Analysis

Dangerous Functions
13
Raw SQL Queries
0
0 prepared
Unescaped Output
10
9 escaped
Nonce Checks
0
Capability Checks
0
File Operations
19
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$datos1 = stripslashes($HTTP_GET_VARS["serie1"]); $datos1 = urldecode($datos1); $datos1 = unserialigrafica-comparacion.php:6
unserialize$datos2 = stripslashes($HTTP_GET_VARS["serie2"]); $datos2 = urldecode($datos2); $datos2 = unserialigrafica-comparacion.php:7
unserialize$datos_axis = stripslashes($HTTP_GET_VARS["serie3"]); $datos_axis = urldecode($datos_axis); $datos_grafica-comparacion.php:8
unserialize$tags = stripslashes($HTTP_GET_VARS["etiquetas"]); $tags = urldecode($tags); $tags = unserialize($tgrafica-comparacion.php:9
create_functionadd_action( 'widgets_init', create_function( '', 'register_widget( "idh_widget" );' ) );investment-decision.php:515
assertassert($this->idx>0);jpgraph\src\jpgraph.php:339
assertassert($aType=='x' || $aType=='y' );jpgraph\src\jpgraph.php:4680
assertassert($aMin<=$aMax);jpgraph\src\jpgraph.php:4681
assertassert($aType=="x");jpgraph\src\jpgraph_date.php:57
assertassert($aMin<=$aMax);jpgraph\src\jpgraph_date.php:58
unserialize$this->iFlagData = unserialize($rawdata);jpgraph\src\jpgraph_flags.php:279
assertassert( $this->prect != null ) ;jpgraph\src\jpgraph_plotband.php:557
assertassert( $this->prect != null ) ;jpgraph\src\jpgraph_plotband.php:592

Output Escaping

47% escaped19 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<jpgraph> (jpgraph\src\jpgraph.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Investment Decision Helper Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[investment_decision] investment-decision.php:15
WordPress Hooks 3
actionwp_enqueue_scriptsinvestment-decision.php:16
actionplugins_loadedinvestment-decision.php:509
actionwidgets_initinvestment-decision.php:515
Maintenance & Trust

Investment Decision Helper Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40
Last updatedApr 16, 2014
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Investment Decision Helper Alternatives

Simple Finance Calculator

Simple Finance Calculator

simple-finance-calculator

C
63

Creates a very simple form that can be used to calculate monthly payments or loan amount based on entered information.

40 1 unpatched
CC BMI Calculator

CC BMI Calculator

cc-bmi-calculator

A
98

Add a free simple customizable BMI Calculator to your web site.

900 2 CVEs
CC Canadian Mortgage Calculator

CC Canadian Mortgage Calculator

cc-canadian-mortgage-calculator

A
99

Add a free simple customizable Canadian mortgage calculator to your web site.

100 1 CVE
Simple Pregnancy Calculator

Simple Pregnancy Calculator

simple-pregnancy-calculator

A
85

Simple Pregnancy Calculator lets you add a datepicher in the page or in the widget area of your site.

40 No CVEs
Simple Loan and Mortgage Calculator

Simple Loan and Mortgage Calculator

simple-loan-mortgage-calculator

A
85

Simple Loan and Mortgage Calculator generates a report on the payment of any loan or mortgage.

10 No CVEs
Developer Profile

Investment Decision Helper Developer Profile

anibalealvarezs

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Investment Decision Helper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/investment-decision-helper/investment-decision.css

HTML / DOM Fingerprints

CSS Classes
idh_calculator
Shortcode Output
<form class="idh_calculator" method="post">
FAQ

Frequently Asked Questions about Investment Decision Helper