Monthly Horoscopes Security & Risk Analysis
wordpress.org/plugins/monthly-horoscopesAdd up to 12 months of sun sign monthly horoscopes to your sites pages and posts pages with this free and easy to install WordPress plugin.
Is Monthly Horoscopes Safe to Use in 2026?
Generally Safe
Score 85/100Monthly Horoscopes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The monthly-horoscopes plugin v1.3 exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, file operations, and SQL queries without prepared statements is commendable. The total lack of known vulnerabilities in its history also suggests a history of stable and relatively secure development.
However, there are areas of concern that warrant attention. The most significant risk stems from the low percentage of properly escaped output, with 56% of outputs not being adequately sanitized. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without proper escaping. Additionally, the plugin's reliance on external HTTP requests without clear indications of sanitization or authentication checks for these requests could pose a risk if the external services are compromised or malicious. The absence of nonce and capability checks on the single identified shortcode entry point is also a weakness, as it could potentially allow unauthorized actions or information disclosure.
While the plugin has no recorded vulnerabilities to date, the identified weaknesses in output escaping and the lack of robust authentication checks on its entry points represent potential attack vectors. The plugin's strengths lie in its clean code regarding dangerous functions and SQL, but the identified output sanitization and authentication gaps need to be addressed to improve its overall security.
Key Concerns
- Insufficient output escaping
- Shortcode without nonce/capability checks
- External HTTP requests without clear auth/sanitization
Monthly Horoscopes Security Vulnerabilities
Monthly Horoscopes Code Analysis
Output Escaping
Monthly Horoscopes Attack Surface
Shortcodes 1
WordPress Hooks 2
Maintenance & Trust
Monthly Horoscopes Maintenance & Trust
Maintenance Signals
Community Trust
Monthly Horoscopes Alternatives
The Daily Horoscope
the-daily-horoscope
Add The Daily Horoscope Plugin to your widgets, posts and pages. Select your sign and read your daily horoscope.
Horoscope widget
daily-horoscope-wp-widget
This is a daily horoscope widget. The widget show 5 stars forecast for every zodiac sign and deep daily horoscope. The content will be pulled from l …
WP Russian Horoscope
wp-russian-horoscope
Данный плагин выводит актуальный гороскоп на текущее число календаря. Имеет несколько категорий и генератор в админпанели.
AstroBene
astrobene
Astrological weather informer (accurate forecast at once for all zodiac signs) for every day. * Russian.
Dakidarts Numerology Core
dakidarts-numerology-core
Integrate numerology calculations into WordPress with shortcodes, Gutenberg blocks, and customizable forms using the Dakidarts Numerology API.
Monthly Horoscopes Developer Profile
1 plugin · 50 total installs
How We Detect Monthly Horoscopes
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/monthly-horoscopes/css/monthly_horoscopes.cssmonthly-horoscopes/css/monthly_horoscopes.css?ver=HTML / DOM Fingerprints
<!-- Adds the shortcode so using the shortcode [monthly_horoscopes] in the text displays the horoscopes --><!-- Called when the Plugin is Activated --><!-- Called when the Plugin is Deactivated --><!-- Addis the submenu to the Wordpress Dashboard -->+5 moreid="horoscopes_options"name="horoscopes_options_submit"[monthly_horoscopes]