SJ Reading Time Security & Risk Analysis
wordpress.org/plugins/sj-reading-timeSJ Reading Time helps you to quickly estimate your content read time and insert using a shortcode.
Is SJ Reading Time Safe to Use in 2026?
Generally Safe
Score 100/100SJ Reading Time has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "sj-reading-time" plugin v1.0.2 exhibits a strong security posture based on the provided static analysis. The code demonstrates excellent practices by utilizing prepared statements for all SQL queries and properly escaping all outputs, leaving no room for common injection vulnerabilities in these areas. The absence of file operations, external HTTP requests, and dangerous functions further minimizes the attack surface. The plugin also correctly implements a capability check, indicating awareness of WordPress security principles. Taint analysis revealing no unsanitized paths is a significant positive indicator.
While the current version shows no known vulnerabilities and a clean history, the analysis does highlight a potential area of concern: the lack of nonce checks. Although the attack surface is currently small and consists of only one shortcode without any explicit AJAX or REST API endpoints, the absence of nonce checks means that if the plugin were to evolve and introduce such functionalities, they would be inherently vulnerable to Cross-Site Request Forgery (CSRF) attacks unless checks are added. The complete absence of recorded vulnerabilities in its history is a very positive sign, suggesting a history of secure development.
Key Concerns
- Missing nonce checks
SJ Reading Time Security Vulnerabilities
SJ Reading Time Release Timeline
SJ Reading Time Code Analysis
Output Escaping
SJ Reading Time Attack Surface
Shortcodes 1
WordPress Hooks 2
Maintenance & Trust
SJ Reading Time Maintenance & Trust
Maintenance Signals
Community Trust
SJ Reading Time Alternatives
Reading Time WP
reading-time-wp
Reading Time WP creates an estimated reading time of your posts that is inserted above the content or by using a shortcode.
My Reading Time Lite
my-reading-time-lite
Reading Time lite plugin enables an estimated reading time that inserted above or bottom in post. Insert anywhere using shortcode too.
Just Writing Statistics
just-writing-statistics
Calculate your writing statistics on your WordPress site.
Reading Time
reading-time
Reading Time shows the estimated reading time and puts an animated progress bar inside the post.
Timify
timify
With Timify, let your audience know about the last modified date, publish date, and reading time of your articles. You can also customize each setting …
SJ Reading Time Developer Profile
1 plugin · 0 total installs
How We Detect SJ Reading Time
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/sj-reading-time/css/style.css/wp-content/plugins/sj-reading-time/js/script.js/wp-content/plugins/sj-reading-time/js/script.jssjrt-reading-time/css/style.css?ver=sjrt-reading-time/js/script.js?ver=HTML / DOM Fingerprints
<!--
SJ Reading Time is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 2 of the License, or
any later version.
SJ Reading Time is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with SJ Reading Time. If not, see {URI to Plugin License}.
-->labelpostfixpostfix_singular[sjrt_reading_time