
NBP Kurs Złota Security & Risk Analysis
wordpress.org/plugins/kurs-zlota-nbp
The plugin adds a widget with the current gold price from Narodowy Bank Polski (the National Bank of Poland).
Is NBP Kurs Złota Safe to Use in 2026?
Generally Safe
Score 85/100
NBP Kurs Złota has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "kurs-zlota-nbp" plugin version 1.0.0 exhibits a generally positive security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its potential attack surface. Furthermore, the code signals indicate a strong adherence to secure coding practices, with no dangerous functions identified, all SQL queries using prepared statements, and no external HTTP requests. This suggests a well-crafted plugin with a minimal risk of common vulnerabilities like SQL injection or cross-site scripting through these vectors.
However, there are notable areas of concern that detract from its otherwise strong security. The most significant weakness is the extremely low percentage (15%) of properly escaped output. This suggests that a substantial portion of user-facing output is printed without escaping, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the plugin performs no nonce checks and no capability checks, which is particularly concerning given the presence of file operations: it opens the door to unauthorized actions or manipulation if any entry points were to be discovered or if the plugin evolves to include them. The empty vulnerability history is a positive sign, but it could also indicate a lack of rigorous past security auditing, or that the plugin is relatively new and has not yet been subjected to extensive real-world attacks or analysis.
In conclusion, while the "kurs-zlota-nbp" plugin has successfully avoided common vulnerabilities by limiting its attack surface and securing its database interactions, the severe lack of output escaping presents a critical risk that requires immediate attention. The absence of nonce and capability checks also warrants scrutiny, especially if the plugin's functionality is expanded. The clean vulnerability history is encouraging but should not be seen as a guarantee of future security without addressing the identified code weaknesses.
Key Concerns
- Low percentage of properly escaped output (15%)
- No nonce checks
- No capability checks
- File operations present without explicit auth checks
NBP Kurs Złota Security Vulnerabilities
NBP Kurs Złota Code Analysis
Output Escaping
NBP Kurs Złota Attack Surface
WordPress Hooks 1
NBP Kurs Złota Maintenance & Trust
Maintenance Signals
Community Trust
NBP Kurs Złota Alternatives
Gold-Price
gold-price-based-on-weight
Automatically calculate WooCommerce product prices based on a global price per gram of Gold, Silver, or Platinum and the weight of each product.
ITS Jewellery Price Plugin
its-jewellery-price
ITS Jewellery Price Plugin for Woocommerce helps to update prices of jewellery products. We all know that prices of jewellery products change everyday …
Hesapis Market Data – Gold, Currency & Crypto Prices
hesapis-market-data-gold-currency-crypto-prices
Real-time gold prices, currency exchange rates, and cryptocurrency data widgets for WordPress. Beautiful, customizable, and easy to use.
MetalpriceAPI
metalpriceapi
Display live or historical precious metal prices (Gold, Silver, Platinum, Palladium, ...) in over 150+ currencies
Gold Price Live
gold-price-live
Allows you to easily use shortcode to post gold, silver, platinum and palladium spot prices (updated once daily in the morning at 8:20am New York Time …
NBP Kurs Złota Developer Profile
2 plugins · 110 total installs
How We Detect NBP Kurs Złota
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.