Does Suntimes Widget have any unpatched vulnerabilities?

No. All known vulnerabilities in Suntimes Widget have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Suntimes Widget compatible with WordPress 4.1.42?

According to WordPress.org data, Suntimes Widget 0.9.2 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is Suntimes Widget updated?

Suntimes Widget was last updated on Dec 16, 2014. Frequent updates are generally a positive security signal.

What is Suntimes Widget's security score?

Suntimes Widget has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Suntimes Widget Security & Risk Analysis

wordpress.org/plugins/suntimes-widget

Displays sunrise and sunset times in a widget

20 active installs v0.9.2 PHP + WP 3.0+ Updated Dec 16, 2014

longitudesunsunrisesunsetsuntimes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Suntimes Widget Safe to Use in 2026?

Generally Safe

Score 85/100

Suntimes Widget has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The suntimes-widget plugin, version 0.9.2, exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and has no recorded vulnerability history, suggesting a relatively stable and secure past. The absence of known CVEs and a limited attack surface (0 entry points) are also favorable indicators.

However, significant concerns arise from the static analysis. The presence of the `create_function` is a notable risk, as it can be exploited for code injection if user-supplied input is used without proper sanitization. More critically, 100% of the 17 output operations are not properly escaped. This indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, where an attacker could inject malicious scripts into the WordPress site through the plugin's output.

While the plugin's attack surface is currently minimal and there are no direct signs of dangerous taint flows or unpatched vulnerabilities, the lack of output escaping represents a substantial and easily exploitable security flaw. Developers should prioritize addressing the unescaped output and consider refactoring the use of `create_function` to mitigate these risks.

Key Concerns

Unescaped output detected
Use of dangerous function 'create_function'

Vulnerabilities

None known

Suntimes Widget Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Suntimes Widget Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function('', 'return register_widget("SunTimesWidget");') );suntimes-widget.php:60

Output Escaping

0% escaped17 total outputs

Attack Surface

Suntimes Widget Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_initsuntimes-widget.php:60

Maintenance & Trust

Suntimes Widget Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedDec 16, 2014

PHP min version

Downloads3K

Community Trust

Rating50/100

Number of ratings2

Active installs20

Alternatives

Suntimes Widget Alternatives

LunaSolCal – Sun Info Widget

lunasolcal-sun-info-widget

Wordpress Widget for showing the sunrise and sunset at a given location.

40 No CVEs

Sunset Core

sunset-core

This plugin was made for the My Sunset Theme and adds extra functionality to it.

10 No CVEs

FakerPress

fakerpress

100

FakerPress is a clean way to generate fake and dummy content to your WordPress, great for developers who need testing

10K No CVEs

Parcel Pro

woo-parcel-pro

Parcel Pro heeft een API koppeling ontwikkeld die gelinkt is aan de backoffice van WordPress/WooCommerce. Hiermee kunt u heel gemakkelijk orders inlad …

800 3 CVEs

Sofortueberweisung Gateway for Woocommerce

woo-sofortuberweisung-gateway

Allows your users to pay over Sofortüberweisung via WooCommerce checkout. Easy, fast and safe. Setup is very easy.

800 No CVEs

Developer Profile

Suntimes Widget Developer Profile

Jon Lynch

2 plugins · 50 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Suntimes Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

SunTimesWidget

Shortcode Output

<div id="suntimes"><ul><li>Sunrise:</li><li>Sunset:

FAQ