Local Time Clock Security & Risk Analysis
wordpress.org/plugins/local-time-clockDisplay a clock on your sidebar set automatically to your location's timezone. Select from a choice of clocks, colors and sizes.
Is Local Time Clock Safe to Use in 2026?
Generally Safe
Score 92/100Local Time Clock has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "local-time-clock" v1.3 plugin exhibits a mixed security posture. On one hand, the absence of known CVEs and the use of prepared statements for SQL queries are positive indicators of good development practices. Furthermore, the lack of identified critical or high-severity taint flows suggests that common injection vulnerabilities are not present.
However, significant concerns arise from the static code analysis. The presence of the `unserialize` function, a known risk for deserialization vulnerabilities if not handled with extreme caution and input validation, is a major red flag. Compounding this, the analysis reveals a complete lack of output escaping. This means any data rendered by the plugin could potentially be manipulated by an attacker, leading to cross-site scripting (XSS) vulnerabilities. The absence of nonce and capability checks on what are likely entry points (though the attack surface is reported as zero, which is unusual if there are file operations or other code execution paths) also raises questions about authorization and integrity.
In conclusion, while the plugin benefits from a clean vulnerability history and secure SQL practices, the identified risks of `unserialize` usage and the pervasive lack of output escaping present substantial security weaknesses that require immediate attention. The plugin's overall security is compromised by these critical oversight.
Key Concerns
- Dangerous function unserialize detected
- Output escaping not used
- No nonce checks detected
- No capability checks detected
Local Time Clock Security Vulnerabilities
Local Time Clock Code Analysis
Dangerous Functions Found
Output Escaping
Local Time Clock Attack Surface
WordPress Hooks 1
Maintenance & Trust
Local Time Clock Maintenance & Trust
Maintenance Signals
Community Trust
Local Time Clock Alternatives
Xorbin Analog Flash Clock
xorbin-analog-flash-clock
Customizable Analog Clock plugin by XorBin.com
World Clock
flash-world-clock
World clock showing the local time at six major cities round the world. The plugin provides a choice of analog and digital clocks, colors and sizes.
Analog Clock Widget
analog-clock-widget
Analog Clock Widget plugin allows you to create an unlimited number of different analog clocks. The plugin based on SVG Raphael - JavaScript Library.
What Time Is It?
what-time-is-it
A lightweight plugin to display clock widgets on your website.
ZYX Classical Circular Clock
zyx-classical-circular-clock
A simple and configurable Flash clock. There is a widget, a shortcode and a template tag.
Local Time Clock Developer Profile
8 plugins · 3K total installs
How We Detect Local Time Clock
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/local-time-clock/local-time-clock.css/wp-content/plugins/local-time-clock/local-time-clock.js/wp-content/plugins/local-time-clock/local-time-clock.jslocal-time-clock/local-time-clock.css?ver=local-time-clock/local-time-clock.js?ver=HTML / DOM Fingerprints
<!-- Local Time Clock widget --><!-- Local Time Clock class. --><!-- Widget setup. --><!-- Widget control settings -->+18 moredata-timezonedata-clock-typedata-text-colordata-border-colordata-background-colordata-transparent+4 morewindow.local_time_clock_widgets