Page Expiration Robot – Countdown Timer Security & Risk Analysis
wordpress.org/plugins/page-expiration-robotThe official #1 most intelligent, scarcity countdown timer plugin ever created for WordPress to expire posts AND pages on autopilot!
Is Page Expiration Robot – Countdown Timer Safe to Use in 2026?
Generally Safe
Score 85/100Page Expiration Robot – Countdown Timer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'page-expiration-robot' plugin version 3.2.1 presents a mixed security posture. On the positive side, it demonstrates a lack of known vulnerabilities in its history and does not utilize dangerous functions, raw SQL queries, or bundled libraries. It also shows some use of capability checks and its SQL queries are all prepared statements.
However, significant concerns arise from the static analysis. The plugin exposes a substantial attack surface, with 4 out of 5 entry points lacking authentication checks, including all its AJAX handlers. Furthermore, 100% of its output is unescaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also indicates a flow with unsanitized paths, which, while not currently rated critical or high, still represents a potential avenue for exploitation.
The absence of any historical vulnerabilities, coupled with the use of prepared statements, suggests a potentially diligent developer in some areas. Nevertheless, the current static analysis reveals critical shortcomings in input sanitization and authentication for its AJAX endpoints. The plugin's security needs significant improvement, particularly regarding output escaping and securing AJAX handlers.
Key Concerns
- Unprotected AJAX handlers
- Unescaped output (100%)
- Flow with unsanitized paths
- No nonce checks on AJAX handlers
Page Expiration Robot – Countdown Timer Security Vulnerabilities
Page Expiration Robot – Countdown Timer Code Analysis
Output Escaping
Data Flow Analysis
Page Expiration Robot – Countdown Timer Attack Surface
AJAX Handlers 4
Shortcodes 1
WordPress Hooks 6
Maintenance & Trust
Page Expiration Robot – Countdown Timer Maintenance & Trust
Maintenance Signals
Community Trust
Page Expiration Robot – Countdown Timer Alternatives
Evergreen Countdown Timer
intelly-countdown
Evergreen Countdown is a plugin built for marketers that need a reliable solution to use scarcity on their websites and landing pages.
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
hurrytimer
Create unlimited urgency and scarcity countdown timers for WordPress and WooCommerce to boost conversions and sales instantly.
Smart Countdown Scarcity
smart-countdown-scarcity
Display time-limited, product-specific sale banners on WooCommerce products to create urgency and increase conversions.
Countdown Timer Ultimate
countdown-timer-ultimate
A quick, easy way to add and display responsive Countdown timer on your website. Also work with Gutenberg shortcode block.
Countdown, Coming Soon, Maintenance – Countdown & Clock
countdown-builder
Countdown builder - Customizable Countdown Timer
Page Expiration Robot – Countdown Timer Developer Profile
3 plugins · 310 total installs
How We Detect Page Expiration Robot – Countdown Timer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/page-expiration-robot/images/per_icon.png/wp-content/plugins/page-expiration-robot/js/js.js/wp-content/plugins/page-expiration-robot/css/css.css/wp-content/plugins/page-expiration-robot/js/shortcode.js//app.pageexpirationrobot.com/redirect.js//app.pageexpirationrobot.com/redirectnew.js//app.pageexpirationrobot.com/timedcontent.jshttps://app.pageexpirationrobot.com/timedcontent.jsHTML / DOM Fingerprints
perSAAS_editor_buttonid="perSAASShrt"window.location.replace("https://app.pageexpirationrobot.com/log-in.php")window.location.replace("https://pageexpirationrobot.helpscoutdocs.com/collection/120-web-app-faq")[PERSAAS