WP-Safety

Leartes TRY Exchange Rates Security & Risk Analysis

wordpress.org/plugins/leartes-try-exchange-rates

Gets TRY Exchange Rates from TCMB (Turkish Central Bank). Use as widget or Shortcode

600 active installs v2.1 PHP 7.4+ WP 5.0+ Updated Oct 10, 2023
dovizdolardoviz-kurlarieuroturkish
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEApr 1, 2025
Plugin page Download
Safety Verdict

Is Leartes TRY Exchange Rates Safe to Use in 2026?

Use With Caution

Score 64/100

Leartes TRY Exchange Rates has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 2yr ago
Risk Assessment

The "leartes-try-exchange-rates" v2.1 plugin exhibits a mixed security posture. While the static analysis shows a small attack surface and good practices in SQL query handling, significant concerns arise from the low rate of output escaping (9%) and the complete absence of nonce and capability checks. This suggests a high potential for Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data might be rendered without proper sanitization, allowing attackers to inject malicious scripts. The vulnerability history further amplifies these concerns, with a known medium-severity XSS vulnerability that is currently unpatched. This indicates a pattern of security weaknesses that are not being adequately addressed, posing a tangible risk to websites using this plugin. Despite the positive aspects like the lack of critical taint flows and dangerous functions, the prevalent output escaping issue combined with the unpatched vulnerability strongly advises caution. Users should consider this plugin to have a moderate to high risk due to the ease with which XSS attacks could be executed and the lack of remediation for past flaws.

Key Concerns

  • Unpatched medium CVE
  • Low output escaping rate (9%)
  • No nonce checks
  • No capability checks
Vulnerabilities
1

Leartes TRY Exchange Rates Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-31783medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Leartes TRY Exchange Rates <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Leartes TRY Exchange Rates Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
68
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
1
Bundled Libraries
0

Output Escaping

9% escaped75 total outputs
Attack Surface

Leartes TRY Exchange Rates Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[lbi_exchange_rates] lbi-exchrates.php:40
WordPress Hooks 11
actionelementor/elements/categories_registeredlbi-elementor.php:19
actionelementor/widgets/widgets_registeredlbi-elementor.php:20
actionelementor/frontend/before_enqueue_scriptslbi-elementor.php:21
actionelementor/frontend/after_enqueue_styleslbi-elementor.php:22
actionelementor/dynamic_tags/register_tagslbi-elementor.php:24
actionelementor/controls/controls_registeredlbi-elementor.php:25
actioninitlbi-exchrates.php:35
actionwp_enqueue_scriptslbi-exchrates.php:36
actionwidgets_initlbi-exchrates.php:38
actionplugins_loadedlbi-exchrates.php:39
actioninitlbi-vc_map.php:9
Maintenance & Trust

Leartes TRY Exchange Rates Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedOct 10, 2023
PHP min version7.4
Downloads13K

Community Trust

Rating100/100
Number of ratings5
Active installs600
Alternatives

Leartes TRY Exchange Rates Alternatives

Cotação Moedas

Cotação Moedas

cotacao-moedas-hoje

A
85

Cotação do Dólar, Euro e Iene em relação ao Real (R$). Todos os dados são buscados do Banco Central do Brasil diariamente pelo Web Service.

100 No CVEs
Ninja Araçlar

Ninja Araçlar

ninja-araclar

A
100

Ninja Araçlar eklentisi, genel anlamda temalarına Süperlig, Burçlar, Döviz ve Hava Durumu eklemek isteyenler için geliştirilmiştir.

40 No CVEs
AboveWP Bulgarian Eurozone

AboveWP Bulgarian Eurozone

abovewp-bulgarian-eurozone

A
100

Display WooCommerce prices in both Bulgarian Lev (BGN) and Euro (EUR) bidirectionally as Bulgaria prepares to join the Eurozone.

3K No CVEs
Cartograf Cookie filter

Cartograf Cookie filter

cartograf-cookie-filter

A
85

Prevents the installation of tracking cookies without the informed consent of the visitor. This plugin was specifically designed to be Spanish Cookie &hellip;

200 No CVEs
Indicadores Económicos Chile

Indicadores Económicos Chile

indicadores-economicos-chile

A
100

Muestra mediante un shortcode los Indicadores económicos actualizados en Chile.

100 No CVEs
Developer Profile

Leartes TRY Exchange Rates Developer Profile

Leartes.NET

1 plugin · 600 total installs

69
trust score
Avg Security Score
64/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Leartes TRY Exchange Rates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/leartes-try-exchange-rates/assets/css/leartes-try-exchange-rates.css/wp-content/plugins/leartes-try-exchange-rates/assets/js/leartes-try-exchange-rates.js
Script Paths
/wp-content/plugins/leartes-try-exchange-rates/assets/js/leartes-try-exchange-rates.js
Version Parameters
/wp-content/plugins/leartes-try-exchange-rates/assets/css/leartes-try-exchange-rates.css?ver=/wp-content/plugins/leartes-try-exchange-rates/assets/js/leartes-try-exchange-rates.js?ver=

HTML / DOM Fingerprints

CSS Classes
currency-wraps-widgetcurrency-wraps-shortcodelbi-currenciesc-header-topc-ratecrbanknoteforex+15 more
Data Attributes
data-currencydata-unitdata-captiondata-flagdata-flag_pathdata-fb+8 more
JS Globals
window.lbi_exch_currencies
Shortcode Output
<div class="currency-wraps-<h3><span><div class="lbi-currencies"><div class="c-header-top">
FAQ

Frequently Asked Questions about Leartes TRY Exchange Rates