WP-Safety

Nepali Date Utilities Security & Risk Analysis

wordpress.org/plugins/nepali-date-utilities

"Nepali Date Utilities" plugin converts English to Nepali dates, offering post dates and today’s date via shortcode for easy display on sites.

1K active installs v1.0.15 PHP 5.2.4+ WP 4.0+ Updated May 14, 2025
display-nepali-datenepali-datenepali-date-utilitiesnepali-post-date
71
B · Generally Safe
CVEs total1
Unpatched1
Last CVEApr 9, 2025
Download
Safety Verdict

Is Nepali Date Utilities Safe to Use in 2026?

Mostly Safe

Score 71/100

Nepali Date Utilities is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Apr 9, 2025Updated 1yr ago
Risk Assessment

The "nepali-date-utilities" plugin v1.0.15 exhibits a mixed security posture. On the positive side, the code adheres to good practices by exclusively using prepared statements for SQL queries and performing no file operations or external HTTP requests. However, there are significant concerns regarding output escaping, with only 44% of outputs being properly escaped, leaving a substantial portion vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, the absence of nonce checks and capability checks for its sole shortcode entry point is a notable weakness, potentially exposing it to Cross-Site Request Forgery (CSRF) attacks. The vulnerability history indicates a past medium-severity CVE, which is currently unpatched. This, coupled with the identified output escaping issues and lack of authentication on the shortcode, suggests a medium to high risk profile for this plugin.

Key Concerns

  • Unpatched medium severity CVE
  • Insufficient output escaping (56% unescaped)
  • Missing nonce check on shortcode
  • Missing capability check on shortcode
  • Flows with unsanitized paths
Vulnerabilities
1 published

Nepali Date Utilities Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-32664medium · 6.1Cross-Site Request Forgery (CSRF)

Nepali Date Utilities <= 1.0.13 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 9, 2025Unpatched
Version History

Nepali Date Utilities Release Timeline

v1.0.15Current1 CVE
CVE-2025-32664
v1.0.141 CVE
CVE-2025-32664
v1.0.131 CVE
CVE-2025-32664
v1.0.121 CVE
CVE-2025-32664
v1.0.111 CVE
CVE-2025-32664
v1.0.101 CVE
CVE-2025-32664
v1.0.91 CVE
CVE-2025-32664
v1.0.81 CVE
CVE-2025-32664
v1.0.71 CVE
CVE-2025-32664
v1.0.61 CVE
CVE-2025-32664
v1.0.51 CVE
CVE-2025-32664
v1.0.41 CVE
CVE-2025-32664
v1.0.31 CVE
CVE-2025-32664
v1.0.21 CVE
CVE-2025-32664
v1.0.11 CVE
CVE-2025-32664
v1.0.01 CVE
CVE-2025-32664
Code Analysis
Analyzed Mar 16, 2026

Nepali Date Utilities Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
10
8 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

44% escaped18 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
ndu_nepali_date_utilities_page (nepali-date-utilities.php:203)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Nepali Date Utilities Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[ndu_today_date] nepali-date-utilities.php:117
WordPress Hooks 11
actionwidgets_initclass.todaydate.php:67
actionplugins_loadednepali-date-utilities.php:21
filterget_the_datenepali-date-utilities.php:122
filterthe_datenepali-date-utilities.php:123
filterget_the_timenepali-date-utilities.php:124
filterthe_timenepali-date-utilities.php:125
filterthe_modified_timenepali-date-utilities.php:127
filterget_the_modified_timenepali-date-utilities.php:128
filterthe_modified_datenepali-date-utilities.php:129
filterget_the_modified_datenepali-date-utilities.php:130
actionadmin_menunepali-date-utilities.php:301
Maintenance & Trust

Nepali Date Utilities Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 14, 2025
PHP min version5.2.4
Downloads9K

Community Trust

Rating94/100
Number of ratings3
Active installs1K
Alternatives

Nepali Date Utilities Alternatives

Nepali Date Converter

Nepali Date Converter

nepali-date-converter

A
91

Convert English dates to Nepali and vice versa, including WordPress post dates. Includes widgets, shortcodes, and custom functions.

900 1 CVE
Nyasro Nepali Date Converter

Nyasro Nepali Date Converter

nyasro-nepali-date-converter

A
85

Nyasro Nepali Date Converter allows to convert A.D. (English Date) to B.S. (Nepali Date) and Vice Versa.

200 No CVEs
Nepali Chrono Craft

Nepali Chrono Craft

nepali-chrono-craft

A
85

With this easy-to-use tool, you can convert any date from the Gregorian calendar to its equivalent date in the Bikram Sambat calendar and vice versa.

10 No CVEs
Nepali Date

Nepali Date

nepali-date

A
85

Nepali Date is a plugin to display the current nepali date on your website.

10 No CVEs
CHP Nepali Date Converter

CHP Nepali Date Converter

chp-nepali-date-converter

A
85

CHP Nepali Date Converter plugin is developed in order to provide dates conversion from English to Nepali dates and Vice Versa.

0 No CVEs
Developer Profile

Nepali Date Utilities Developer Profile

ashokbasnet

1 plugin · 1K total installs

74
trust score
Avg Security Score
71/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Nepali Date Utilities

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
[ndu_today_date]
FAQ

Frequently Asked Questions about Nepali Date Utilities