Does Post Timer have any unpatched vulnerabilities?

No. All known vulnerabilities in Post Timer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Post Timer compatible with WordPress 6.7.5?

According to WordPress.org data, Post Timer 5.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Post Timer updated?

Post Timer was last updated on Dec 6, 2024. Frequent updates are generally a positive security signal.

What is Post Timer's security score?

Post Timer has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Post Timer Security & Risk Analysis

wordpress.org/plugins/post-timer

Simple and easy-to-use WP plugin that displays a timer popup on selected posts, pages, or custom post types when a user adds or edits content.

10 active installs v5.0 PHP + WP 6.0+ Updated Dec 6, 2024

custom-post-timerpost-timertimer-popup

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Post Timer Safe to Use in 2026?

Generally Safe

Score 92/100

Post Timer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The post-timer v5.0 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is highly commendable. Furthermore, the complete absence of unsanitized taint flows and the 100% proper output escaping indicate a robust approach to preventing common web vulnerabilities like XSS and SQL injection. The presence of nonce and capability checks, even with a limited attack surface, suggests an awareness of WordPress security best practices for authentication and authorization.

While the static analysis reveals a remarkably clean codebase with no identified vulnerabilities or exploitable entry points, the limited scope of the static analysis (2 taint flows analyzed) means that it's possible for vulnerabilities to exist outside of this limited scope, though the absence of known CVEs history is a very positive indicator. The plugin's history shows no recorded vulnerabilities, which, combined with the clean code analysis, suggests a mature and well-maintained security profile. However, it's important to note that static analysis has its limitations, and thorough dynamic testing would provide a more comprehensive assurance.

In conclusion, post-timer v5.0 appears to be a secure plugin with excellent coding practices. Its strength lies in its proactive approach to sanitization, output escaping, and use of WordPress security features. The lack of historical vulnerabilities further solidifies its good security standing. The only potential area for improvement, though not a current risk based on the data, would be to ensure the attack surface remains minimal and well-protected as the plugin evolves. Overall, the plugin presents a very low risk.

Vulnerabilities

None known

Post Timer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Post Timer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

97 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped97 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

addweb_pt_timer_popup_options (post_timer_class.php:213)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Post Timer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

actionadmin_menuincludes\admin.php:25

actionadmin_initincludes\admin.php:26

actionadmin_enqueue_scriptsincludes\admin.php:27

actionadmin_headincludes\timer.php:32

actionadmin_headincludes\timer.php:33

filteradmin_footerincludes\timer.php:34

actionadmin_footerincludes\timer.php:35

actionadmin_menupost_timer_class.php:125

actionadmin_enqueue_scriptspost_timer_class.php:130

actionadmin_enqueue_scriptspost_timer_class.php:131

actionadmin_initpost_timer_class.php:132

actionadmin_enqueue_scriptspost_timer_class.php:141

actionadmin_enqueue_scriptspost_timer_class.php:158

actionadmin_headpost_timer_class.php:159

actionadmin_headpost_timer_class.php:160

filteradmin_footerpost_timer_class.php:161

actionadmin_footerpost_timer_class.php:162

Maintenance & Trust

Post Timer Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedDec 6, 2024

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings4

Active installs10

Alternatives

Post Timer Alternatives

Post Display Timer

post-display-timer

100

Display posts with a countdown timer and control how long visitors view each post before proceeding to the next one.

0 No CVEs

Developer Profile

Post Timer Developer Profile

AddWeb Solution

6 plugins · 80 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Post Timer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/post-timer/assets/css/post-timer-popup.css/wp-content/plugins/post-timer/assets/js/admin.js/wp-content/plugins/post-timer/assets/css/jquery-ui.min.css

Script Paths

/wp-content/plugins/post-timer/assets/js/admin.js

Version Parameters

post-timer-style?ver=post-timer-admin-script?ver=post-timer-jquery-ui-css?ver=

HTML / DOM Fingerprints

CSS Classes

addweb-pt-timer-popuppopup-wrappopup-headerpopup-titletimer-clock

JS Globals

ADDWEBPT_POST_TIMERADDWEBPT_TIMER

FAQ