WP-Safety

MX Time Zone Clocks Security & Risk Analysis

wordpress.org/plugins/mx-time-zone-clocks

Add time zone clocks to your website.

1K active installs v5.1.1 PHP + WP 4.9+ Updated Apr 17, 2024
clockclock-on-the-website%d0%b3%d0%be%d0%b4%d0%b8%d0%bd%d0%bd%d0%b8%d0%batime-zone
46
D · High Risk
CVEs total3
Unpatched2
Last CVEDec 31, 2025
Plugin page Download
Safety Verdict

Is MX Time Zone Clocks Safe to Use in 2026?

High Risk

Score 46/100

MX Time Zone Clocks carries significant security risk with 3 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

3 known CVEs 2 unpatched Last CVE: Dec 31, 2025Updated 1yr ago
Risk Assessment

The "mx-time-zone-clocks" plugin version 5.1.1 presents a moderate security risk due to several concerning findings in its static analysis and vulnerability history. While it lacks dangerous functions and file operations, the significant number of SQL queries executed without prepared statements is a serious concern, potentially leading to SQL injection vulnerabilities. Furthermore, the plugin has a substantial attack surface with 4 entry points, 2 of which lack proper authentication checks, making them prime targets for unauthorized access or manipulation. The vulnerability history reveals a pattern of Cross-site Scripting (XSS) vulnerabilities, with 3 medium-severity CVEs recorded, and concerningly, 2 of these remain unpatched. This history, coupled with the lack of capability checks and a low rate of proper output escaping (only 40%), strongly suggests a recurring issue with input sanitization and output encoding, increasing the likelihood of future XSS attacks. The plugin's strengths are limited to the absence of critical taint flows and external HTTP requests, but these are overshadowed by the identified risks.

Key Concerns

  • Unpatched CVEs
  • SQL queries without prepared statements
  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Lack of capability checks
  • Medium severity CVEs historically
Vulnerabilities
3

MX Time Zone Clocks Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-62146medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MX Time Zone Clocks <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 31, 2025Unpatched
CVE-2025-31801medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MX Time Zone Clocks <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched
CVE-2021-24671medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MX Time Zone Clocks <= 3.4 - Contributor+ Cross-Site Scripting

Aug 25, 2021 Patched in 3.4.1 (881d)
Code Analysis
Analyzed Mar 16, 2026

MX Time Zone Clocks Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
0 prepared
Unescaped Output
116
77 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared3 total queries

Output Escaping

40% escaped193 total outputs
Attack Surface
2 unprotected

MX Time Zone Clocks Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 3

authwp_ajax_mxmtzc_dismiss_admin_noticeincludes\admin\classes\admin-notices.php:12
authwp_ajax_olena_theme_notice_viewedincludes\admin\classes\admin-notices.php:14
authwp_ajax_mx-timezone-clocks_how_it_works_notice_viewedincludes\admin\classes\admin-notices.php:16

Shortcodes 1

[mxmtzc_time_zone_clocks] includes\frontend\classes\shortcode.php:24
WordPress Hooks 12
actionadmin_noticesincludes\admin\classes\admin-notices.php:58
actionadmin_noticesincludes\admin\classes\admin-notices.php:59
actionadmin_noticesincludes\admin\classes\admin-notices.php:60
actionadmin_enqueue_scriptsincludes\admin\classes\enqueue-scripts.php:23
actionadmin_noticesincludes\core\error_handle\Display-Error.php:27
actionadmin_noticesincludes\core\error_handle\Display_Error.php:26
actionadmin_menuincludes\core\Route-Registrar.php:160
actionwp_enqueue_scriptsincludes\frontend\classes\enqueue-scripts.php:24
actionwp_enqueue_scriptsincludes\global\index.php:37
actionadmin_enqueue_scriptsincludes\global\index.php:38
actioninitincludes\gutenberg\gutenberg-main.php:19
actionplugins_loadedmx-time-zone-clocks.php:116
Maintenance & Trust

MX Time Zone Clocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedApr 17, 2024
PHP min version
Downloads29K

Community Trust

Rating94/100
Number of ratings15
Active installs1K
Alternatives

MX Time Zone Clocks Alternatives

Countdown Timer Ultimate

Countdown Timer Ultimate

countdown-timer-ultimate

A
100

A quick, easy way to add and display responsive Countdown timer on your website. Also work with Gutenberg shortcode block.

20K No CVEs
CoolClock – a Javascript Analog Clock

CoolClock – a Javascript Analog Clock

coolclock

A
85

Show an analog clock on your WordPress site sidebar or in post and page content.

2K 1 CVE
Easy Timer

Easy Timer

easy-timer

A
98

Allows you to easily display a count down/up timer, the time or the current date on your website, and to schedule an automatic content modification.

1K 1 CVE
Local Time Clock

Local Time Clock

local-time-clock

A
92

Display a clock on your sidebar set automatically to your location's timezone. Select from a choice of clocks, colors and sizes.

1K No CVEs
WPC Countdown Timer for WooCommerce

WPC Countdown Timer for WooCommerce

wpc-countdown-timer

A
99

WPC Countdown Timer helps you display countdown timer in single product pages and shop page.

1K 1 CVE
Developer Profile

MX Time Zone Clocks Developer Profile

Maksym Marko

11 plugins · 1K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
881 days
View full developer profile
Detection Fingerprints

How We Detect MX Time Zone Clocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mx-time-zone-clocks/assets/font-awesome-4.6.3/css/font-awesome.min.css/wp-content/plugins/mx-time-zone-clocks/includes/admin/assets/css/style.css/wp-content/plugins/mx-time-zone-clocks/includes/admin/assets/js/script.js/wp-content/plugins/mx-time-zone-clocks/includes/admin/assets/js/image-upload.js/wp-content/plugins/mx-time-zone-clocks/includes/frontend/assets/css/style.css/wp-content/plugins/mx-time-zone-clocks/includes/frontend/assets/js/script.js/wp-content/plugins/mx-time-zone-clocks/assets/build/index.js
Script Paths
/wp-content/plugins/mx-time-zone-clocks/assets/font-awesome-4.6.3/css/font-awesome.min.css/wp-content/plugins/mx-time-zone-clocks/includes/admin/assets/css/style.css/wp-content/plugins/mx-time-zone-clocks/includes/admin/assets/js/script.js/wp-content/plugins/mx-time-zone-clocks/includes/admin/assets/js/image-upload.js/wp-content/plugins/mx-time-zone-clocks/includes/frontend/assets/css/style.css/wp-content/plugins/mx-time-zone-clocks/includes/frontend/assets/js/script.js+1 more
Version Parameters
mx-time-zone-clocks/assets/font-awesome-4.6.3/css/font-awesome.min.css?ver=mx-time-zone-clocks/includes/admin/assets/css/style.css?ver=mx-time-zone-clocks/includes/admin/assets/js/script.js?ver=mx-time-zone-clocks/includes/admin/assets/js/image-upload.js?ver=mx-time-zone-clocks/includes/frontend/assets/css/style.css?ver=mx-time-zone-clocks/includes/frontend/assets/js/script.js?ver=mx-time-zone-clocks/assets/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
mx-clock-
HTML Comments
<!-- Unique string - MXMTZC --><!-- Define MXMTZC_PLUGIN_PATH --><!-- \my-domain.com\wp-content\plugins\mx-time-zone-clocks\mx-time-zone-clocks.php --><!-- Define MXMTZC_PLUGIN_URL -->+24 more
Data Attributes
time_zonecity_nametime_formatdigital_clocklanglang_for_date+4 more
JS Globals
mxmtzc_admin_localizemxdfmtzc_localizer
Shortcode Output
[mxmtzc_time_zone_clocks]
FAQ

Frequently Asked Questions about MX Time Zone Clocks