Does Nepali Date Utilities have any unpatched vulnerabilities?

Yes — Nepali Date Utilities currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Nepali Date Utilities compatible with WordPress 6.8.5?

According to WordPress.org data, Nepali Date Utilities 1.0.15 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Nepali Date Utilities compatible with PHP 5.2.4+?

Nepali Date Utilities requires PHP 5.2.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Nepali Date Utilities updated?

Nepali Date Utilities was last updated on May 14, 2025. Frequent updates are generally a positive security signal.

What is Nepali Date Utilities's security score?

Nepali Date Utilities has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Nepali Date Utilities Security & Risk Analysis

wordpress.org/plugins/nepali-date-utilities

"Nepali Date Utilities" plugin converts English to Nepali dates, offering post dates and today’s date via shortcode for easy display on sites.

1K active installs v1.0.15 PHP 5.2.4+ WP 4.0+ Updated May 14, 2025

display-nepali-datenepali-datenepali-date-utilitiesnepali-post-date

B · Generally Safe

CVEs total1

Unpatched1

Last CVEApr 9, 2025

Download

Safety Verdict

Is Nepali Date Utilities Safe to Use in 2026?

Mostly Safe

Score 78/100

Nepali Date Utilities is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Apr 9, 2025Updated 10mo ago

Risk Assessment

The "nepali-date-utilities" plugin v1.0.15 exhibits a mixed security posture. On the positive side, the code adheres to good practices by exclusively using prepared statements for SQL queries and performing no file operations or external HTTP requests. However, there are significant concerns regarding output escaping, with only 44% of outputs being properly escaped, leaving a substantial portion vulnerable to Cross-Site Scripting (XSS) attacks. Additionally, the absence of nonce checks and capability checks for its sole shortcode entry point is a notable weakness, potentially exposing it to Cross-Site Request Forgery (CSRF) attacks. The vulnerability history indicates a past medium-severity CVE, which is currently unpatched. This, coupled with the identified output escaping issues and lack of authentication on the shortcode, suggests a medium to high risk profile for this plugin.

Key Concerns

Unpatched medium severity CVE
Insufficient output escaping (56% unescaped)
Missing nonce check on shortcode
Missing capability check on shortcode
Flows with unsanitized paths

Vulnerabilities

Nepali Date Utilities Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-32664medium · 6.1Cross-Site Request Forgery (CSRF)

Nepali Date Utilities <= 1.0.13 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 9, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Nepali Date Utilities Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

44% escaped18 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

ndu_nepali_date_utilities_page (nepali-date-utilities.php:203)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Nepali Date Utilities Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[ndu_today_date] nepali-date-utilities.php:117

WordPress Hooks 11

actionwidgets_initclass.todaydate.php:67

actionplugins_loadednepali-date-utilities.php:21

filterget_the_datenepali-date-utilities.php:122

filterthe_datenepali-date-utilities.php:123

filterget_the_timenepali-date-utilities.php:124

filterthe_timenepali-date-utilities.php:125

filterthe_modified_timenepali-date-utilities.php:127

filterget_the_modified_timenepali-date-utilities.php:128

filterthe_modified_datenepali-date-utilities.php:129

filterget_the_modified_datenepali-date-utilities.php:130

actionadmin_menunepali-date-utilities.php:301

Maintenance & Trust

Nepali Date Utilities Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 14, 2025

PHP min version5.2.4

Downloads8K

Community Trust

Rating94/100

Number of ratings3

Active installs1K

Alternatives

Nepali Date Utilities Alternatives

Nepali Date Converter

nepali-date-converter

Convert English dates to Nepali and vice versa, including WordPress post dates. Includes widgets, shortcodes, and custom functions.

900 1 CVE

Nyasro Nepali Date Converter

nyasro-nepali-date-converter

Nyasro Nepali Date Converter allows to convert A.D. (English Date) to B.S. (Nepali Date) and Vice Versa.

200 No CVEs

Nepali Chrono Craft

nepali-chrono-craft

With this easy-to-use tool, you can convert any date from the Gregorian calendar to its equivalent date in the Bikram Sambat calendar and vice versa.

10 No CVEs

CHP Nepali Date Converter

chp-nepali-date-converter

CHP Nepali Date Converter plugin is developed in order to provide dates conversion from English to Nepali dates and Vice Versa.

0 No CVEs

Developer Profile

Nepali Date Utilities Developer Profile

ashokbasnet

1 plugin · 1K total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Nepali Date Utilities

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output

[ndu_today_date]

FAQ