WP-Safety

Salah Time Calendar Security & Risk Analysis

wordpress.org/plugins/salah-time-calender

5 wakt salah time calendar for mosque. Jamat time can be edited from admin panel.

10 active installs v1.0.2 PHP 5.6+ WP 4.0+ Updated Apr 9, 2026
fasting-time-calendarjamat-timemosque-timesalah-time
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Salah Time Calendar Safe to Use in 2026?

Generally Safe

Score 100/100

Salah Time Calendar has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "salah-time-calender" plugin v1.0.2 exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and unpatched vulnerabilities is a significant strength, indicating a history of stable and likely secure development. The analysis shows no critical or high severity taint flows, and all SQL queries are performed using prepared statements, which is a crucial defense against SQL injection. Furthermore, the plugin demonstrates good practices with the presence of nonce and capability checks, albeit limited in number.

However, there are areas for improvement. The most notable concern is the relatively low percentage of properly escaped output (67%). This leaves a significant portion of the plugin's output potentially vulnerable to Cross-Site Scripting (XSS) attacks, especially if the unescaped data originates from user input. While there are no unprotected entry points identified, the presence of three shortcodes represents potential vectors for exploitation if they handle user-supplied data without proper sanitization and escaping.

In conclusion, the plugin is strong in its foundational security practices like prepared statements and lack of known vulnerabilities. The primary weakness lies in output escaping, which requires attention to mitigate XSS risks. The limited number of checks and the potential for insecure handling of data within shortcodes are minor concerns but should be reviewed to ensure comprehensive security.

Key Concerns

  • Significant portion of output not properly escaped
  • Three shortcodes without clear auth checks
Vulnerabilities
None known

Salah Time Calendar Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Salah Time Calendar Release Timeline

v1.0.2Current
v1.0.1
Code Analysis
Analyzed Mar 17, 2026

Salah Time Calendar Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
28 escaped
Nonce Checks
2
Capability Checks
1
File Operations
3
External Requests
0
Bundled Libraries
0

Output Escaping

67% escaped42 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
manage_salah_time (classes\class-salah-time.php:19)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Salah Time Calendar Attack Surface

Entry Points3
Unprotected0

Shortcodes 3

[salah_time] classes\class-salah-shortcode.php:11
[st_date_english] classes\class-salah-shortcode.php:12
[st_date_hijri] classes\class-salah-shortcode.php:13
WordPress Hooks 7
actionplugins_loadedclasses\class-salah-loader.php:13
actioninitclasses\class-salah-loader.php:21
filterwp_enqueue_scriptsclasses\class-salah-loader.php:22
filterthe_contentclasses\class-salah-shortcode.php:9
filterwidget_textclasses\class-salah-shortcode.php:10
actionadmin_menuclasses\class-salah-time.php:8
filterplugin_row_metasalah-time.php:25
Maintenance & Trust

Salah Time Calendar Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 9, 2026
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Salah Time Calendar Alternatives

Salah World – Prayer and iQamah Timings for Masjids

Salah World – Prayer and iQamah Timings for Masjids

salah-world-prayer-iqamah-timings-for-your-masjids

A
85

Displays daily and monthly prayer and iqamah timings for your Masjid. Notify user when iqamah timings will change!

10 No CVEs
Daily Prayer Time

Daily Prayer Time

daily-prayer-time-for-mosques

A
91

Display prayer time in any screen, in any language and many more.

1K 6 CVEs
Developer Profile

Salah Time Calendar Developer Profile

Ruhul Amin

4 plugins · 21K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Salah Time Calendar

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/salah-time-calender/assets/js/PrayTimes.js/wp-content/plugins/salah-time-calender/assets/js/hijri-date.js/wp-content/plugins/salah-time-calender/assets/css/praytime.css
Script Paths
/wp-content/plugins/salah-time-calender/assets/js/PrayTimes.js/wp-content/plugins/salah-time-calender/assets/js/hijri-date.js
Version Parameters
salah-time-calender/assets/css/praytime.css?ver=

HTML / DOM Fingerprints

CSS Classes
salah-calender-selectorsalah-rowsalah-col-md-3salah-col-sm-3salah-col-xs-3salah-col-md-6salah-col-sm-6salah-col-xs-6+10 more
Data Attributes
data-event="lpe_displayMonth_left"data-event="lpe_displayMonth_right"
JS Globals
salah_confmadinaHijriDatemadinagmodHijriCalendar
Shortcode Output
[salah_time][st_date_english][st_date_hijri]
FAQ

Frequently Asked Questions about Salah Time Calendar