Nepali Land Converter Security & Risk Analysis

wordpress.org/plugins/nepali-land-converter

Convert the Sq.Feet area into the nepali format land like daam,paisa,anna and ropani, likewise door,katha and bigha.

10 active installs v2.0.0 PHP + WP 3.6+ Updated Aug 11, 2016
land-converternepalnepalinepali-land-converter
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Nepali Land Converter Safe to Use in 2026?

Generally Safe

Score 85/100

Nepali Land Converter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "nepali-land-converter" v2.0.0 plugin exhibits a surprisingly low attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed. The code signals further indicate a cautious approach to database interactions, as all SQL queries utilize prepared statements. However, a significant concern arises from the output escaping, where only 25% of the eight identified outputs are properly escaped. This leaves a considerable portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks if user-supplied data is not sufficiently sanitized before being displayed.

The plugin's vulnerability history is remarkably clean, with no known CVEs recorded. This suggests a generally well-maintained codebase or perhaps a less targeted plugin. The absence of any recorded vulnerabilities, critical taint flows, or dangerous functions in the static analysis further bolsters the impression of a secure component. Nevertheless, the poor output escaping is a tangible weakness that, despite the lack of historical incidents, presents a clear and present risk that should be addressed.

In conclusion, while the "nepali-land-converter" v2.0.0 plugin demonstrates strengths in minimizing its attack surface and secure database practices, the inadequate output escaping is a critical oversight. This weakness, if exploited, could lead to XSS vulnerabilities. The lack of historical vulnerabilities is positive but does not negate the identified code-level risk. Addressing the output escaping issues should be the primary focus for improving the plugin's security posture.

Key Concerns

  • Poor output escaping
Vulnerabilities
None known

Nepali Land Converter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Nepali Land Converter Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Nepali Land Converter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

25% escaped8 total outputs
Attack Surface

Nepali Land Converter Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initnepali-converter.php:26
Maintenance & Trust

Nepali Land Converter Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedAug 11, 2016
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Developer Profile

Nepali Land Converter Developer Profile

Padam Shankhadev

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Nepali Land Converter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nepali-land-converter/js/landconverter.js
Script Paths
/wp-content/plugins/nepali-land-converter/js/landconverter.js
Version Parameters
nepali-land-converter/js/landconverter.js?ver=1.0.0

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Nepali Land Converter