Timetable Security & Risk Analysis

wordpress.org/plugins/plan-lekcji

A WordPress plugin for managing school timetables based on files generated by Vulcan Optivum, allowing ZIP file uploads.

0 active installs · v2.7.3 · PHP + · WP 4.0+ · Updated: Unknown
Tags: administration, schedule, settings, timetable, wp
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Timetable Safe to Use in 2026?

Generally Safe

Score 100/100

Timetable has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plan-lekcji v2.7.3 plugin demonstrates a generally strong security posture, with an impressive 100% of SQL queries using prepared statements and a high rate of output escaping (92%). The absence of known vulnerabilities in its history, critical taint flows, or dangerous functions is highly commendable. This indicates a developer who is conscious of common web security pitfalls.

However, the plugin is not without its concerns. The presence of one unprotected REST API route represents a significant attack vector. While the total attack surface is small, this single unprotected entry point could potentially be exploited. The limited number of capability checks and nonces, although not directly pointing to a vulnerability given the current code signals, suggests a potential for future issues if the plugin's functionality expands without commensurate security enhancements.

In conclusion, plan-lekcji v2.7.3 is a relatively secure plugin, primarily due to its robust data handling and lack of historical issues. The key weakness lies in the unprotected REST API route. Addressing this single entry point should be the immediate priority to further solidify its security.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

Timetable Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Timetable Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (71 escaped)
Nonce Checks: 7
Capability Checks: 1
File Operations: 10
External Requests: 0
Bundled Libraries: 0

Output Escaping

92% escaped, 77 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
planle_render_app2 (includes\dobry_plan.php:2)
Attack Surface
1 unprotected

Timetable Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 2

auth    wp_ajax_planle_increment_view    includes\views-counter.php:16
nopriv  wp_ajax_planle_increment_view    includes\views-counter.php:17

REST API Routes 1

GET  /wp-json/planle/v1/sse-endpoint/  includes\sse-endpoint.php:62

Shortcodes 1

[planle_plan] plan-lekcji.php:66
WordPress Hooks 9
action  wp_enqueue_scripts               includes\enqueue.php:81
action  admin_init                       includes\functions.php:39
action  admin_init                       includes\publish-test.php:102
action  admin_menu                       includes\settings-page.php:140
action  admin_init                       includes\settings-page.php:141
action  rest_api_init                    includes\sse-endpoint.php:69
action  admin_post_planle_upload_normal  includes\upload_and_extract.php:141
action  admin_post_planle_upload_test    includes\upload_and_extract.php:155
action  plugins_loaded                   plan-lekcji.php:46
Maintenance & Trust

Timetable Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version
Downloads: 933

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Timetable Developer Profile

Damian Wałach

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Timetable

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plan-lekcji/css/styles1.css
/wp-content/plugins/plan-lekcji/css/dobry_plan.css
/wp-content/plugins/plan-lekcji/js/menu.js
/wp-content/plugins/plan-lekcji/js/printTableScript.js
/wp-content/plugins/plan-lekcji/js/dobry_plan.js
Script Paths
/wp-content/plugins/plan-lekcji/js/menu.js
/wp-content/plugins/plan-lekcji/js/printTableScript.js
/wp-content/plugins/plan-lekcji/js/dobry_plan.js
Version Parameters
plan-lekcji/css/styles1.css?ver=
plan-lekcji/css/dobry_plan.css?ver=
plan-lekcji/js/menu.js?ver=
plan-lekcji/js/printTableScript.js?ver=
plan-lekcji/js/dobry_plan.js?ver=

HTML / DOM Fingerprints

CSS Classes
tabela
tytulnapis
Data Attributes
class="tabela"
cellspacing="0"
cellpadding="4"
border="1"
JS Globals
planle_ajax
window.planle_ajax
REST Endpoints
/planle/v1/sse-endpoint/
Shortcode Output
<p style="color:red;">Please select a plan generator in settings.</p>