Recurring Timer Widget Security & Risk Analysis
wordpress.org/plugins/recurring-timer-widgetWidget to display a countdown timer for a recurring event.
Is Recurring Timer Widget Safe to Use in 2026?
Generally Safe
Score 85/100Recurring Timer Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'recurring-timer-widget' plugin version 1.7 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding database interactions, with all SQL queries utilizing prepared statements, and it has no recorded vulnerabilities or CVEs, suggesting a history of responsible development and maintenance.
However, several significant concerns are raised by the static analysis. The presence of the `create_function` is a critical issue, as it can lead to arbitrary code execution if used with user-supplied input. Furthermore, the extremely low percentage of properly escaped output (15%) indicates a high risk of cross-site scripting (XSS) vulnerabilities. The complete lack of nonce checks and capability checks, combined with zero entry points being flagged as unprotected, is puzzling and suggests either an incomplete analysis or a plugin that relies heavily on other security mechanisms. The absence of any taint flows is also unusual and might indicate limitations in the analysis itself rather than genuine absence of risk, especially given the other code signals.
In conclusion, while the plugin's history is clean and its database interactions are secure, the identified code signals, particularly `create_function` and widespread unescaped output, present substantial security risks that require immediate attention. The lack of explicit security checks on its (currently reported) zero entry points is also a point of concern that warrants further investigation.
Key Concerns
- Presence of create_function
- Low percentage of properly escaped output
- No nonce checks
- No capability checks
Recurring Timer Widget Security Vulnerabilities
Recurring Timer Widget Code Analysis
Dangerous Functions Found
Output Escaping
Recurring Timer Widget Attack Surface
WordPress Hooks 3
Maintenance & Trust
Recurring Timer Widget Maintenance & Trust
Maintenance Signals
Community Trust
Recurring Timer Widget Alternatives
Simple Calendar – Google Calendar Plugin
google-calendar-events
Add Google Calendar events to your WordPress site in minutes. Beautiful calendar displays. Mobile responsive.
Countdown Timer Ultimate
countdown-timer-ultimate
A quick, easy way to add and display responsive Countdown timer on your website. Also work with Gutenberg shortcode block.
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce
hurrytimer
Create unlimited urgency and scarcity countdown timers for WordPress and WooCommerce to boost conversions and sales instantly.
Events Widgets For Elementor And The Events Calendar
events-widgets-for-elementor-and-the-events-calendar
The Events Calendar Elementor widgets help you manage and display an upcoming events list with date, time, venue and event ticket booking details.
Countdown Timer – Widget Countdown
widget-countdown
Countdown timer plugin is an nice tool to create and insert timers into your posts/pages and widgets.
Recurring Timer Widget Developer Profile
1 plugin · 10 total installs
How We Detect Recurring Timer Widget
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/recurring-timer-widget/recurring-timer-widget.css/wp-content/plugins/recurring-timer-widget/recurring-timer-widget.jsrecurring-timer-widget/recurring-timer-widget.js?ver=recurring-timer-widget/recurring-timer-widget.css?ver=HTML / DOM Fingerprints
rt-contentrt-countdownrt-pairrt-pair-daysrt-daysrt-labelrt-label-daysrt-separator+9 morefor="rt-days"for="rt-hours"for="rt-minutes"for="rt-seconds"rt_timersRT_Widget