WP-Safety

Taro Clockwork Post Security & Risk Analysis

wordpress.org/plugins/taro-clockwork-post

A WordPress plugin to expire post with specified date.

40 active installs v1.2.6 PHP 7.2+ WP 5.9+ Updated Unknown
expirationmediapost
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Taro Clockwork Post Safe to Use in 2026?

Generally Safe

Score 100/100

Taro Clockwork Post has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "taro-clockwork-post" plugin v1.2.6 demonstrates a generally strong security posture with several good practices in place. Notably, 100% of its SQL queries utilize prepared statements, and all identified outputs are properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a positive security outlook. Furthermore, the plugin has no recorded vulnerabilities in its history, indicating a history of responsible development.

However, a significant concern arises from the plugin's attack surface. While the total number of entry points is low, one REST API route is exposed without adequate permission callbacks. This represents a single, but critical, unprotected entry point that could potentially be exploited by unauthenticated users. The lack of identified taint flows is a positive sign, but it doesn't negate the risk posed by the unprotected REST API route.

In conclusion, "taro-clockwork-post" v1.2.6 is a plugin that generally follows secure coding practices. Its strengths lie in its database query and output handling, and a clean vulnerability history. The primary weakness is the unprotected REST API endpoint, which warrants immediate attention to mitigate potential risks to authenticated access and data integrity.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

Taro Clockwork Post Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Taro Clockwork Post Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
11 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped11 total outputs
Attack Surface
1 unprotected

Taro Clockwork Post Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

GET/wp-json/clockwork/v1(?P<post_type>[^/]+)/(?P<post_id>\d+)/expirationincludes\block-editor.php:49
WordPress Hooks 14
actionenqueue_block_editor_assetsincludes\block-editor.php:11
actionrest_api_initincludes\block-editor.php:26
filtercron_schedulesincludes\cron.php:13
actioninitincludes\cron.php:34
actionadmin_noticesincludes\cron.php:74
actionadmin_enqueue_scriptsincludes\meta-box.php:8
actionadd_meta_boxesincludes\meta-box.php:13
actionpost_submitbox_misc_actionsincludes\meta-box.php:15
actionsave_postincludes\meta-box.php:79
actionadmin_initincludes\meta-box.php:107
filtermanage_posts_columnsincludes\meta-box.php:110
actionadmin_initincludes\setting.php:9
actionplugins_loadedtaro-clockwork-post.php:17
actionadmin_noticestaro-clockwork-post.php:28
Maintenance & Trust

Taro Clockwork Post Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedUnknown
PHP min version7.2
Downloads8K

Community Trust

Rating0/100
Number of ratings0
Active installs40
Alternatives

Taro Clockwork Post Alternatives

Add From Server

Add From Server

add-from-server

B
84

Add From Server is designed to help ease the pain of bad web hosts, allowing you to upload files via FTP or SSH and later import them into WordPress.

70K 1 CVE
Blog2Social: Social Media Auto Post & Scheduler

Blog2Social: Social Media Auto Post & Scheduler

blog2social

B
76

Automatically share and schedule your WordPress content on top social platforms like Facebook, Instagram, LinkedIn, TikTok, and more.

50K 22 CVEs
Crop-Thumbnails

Crop-Thumbnails

crop-thumbnails

A
100

"Crop Thumbnails" made it easy to get exacly that specific image-detail you want to show in your featured image or gallery image.

40K No CVEs
Reveal IDs

Reveal IDs

reveal-ids-for-wp-admin-25

A
100

What this plugin does is to reveal most removed IDs on admin pages, as it was in versions prior to 2.5.

40K No CVEs
NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster

social-networks-auto-poster-facebook-twitter-g

D
40

Automatically publishes blogposts to profiles/pages/groups on Twitter, Google+, Pinterest, LinkedIn, Blogger, Tumblr ... 22 more

30K 2 unpatched
Developer Profile

Taro Clockwork Post Developer Profile

TAROSKY INC.

12 plugins · 680 total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Taro Clockwork Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/taro-clockwork-post/dist/css/editor-input.css/wp-content/plugins/taro-clockwork-post/dist/js/editor-input.js/wp-content/plugins/taro-clockwork-post/dist/css/admin.css
Script Paths
/wp-content/plugins/taro-clockwork-post/dist/js/editor-input.js
Version Parameters
taro-clockwork-post/dist/css/editor-input.css?ver=taro-clockwork-post/dist/js/editor-input.js?ver=taro-clockwork-post/dist/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
misc-pub-tscptscp-wrappertscp-togglertscp-field-labeltscp-date-selectortscp-longtscp-monthtscp-short
HTML Comments
<!-- translators: %s current php version --><!-- translators: %s is expired at. --><!-- translators: %1$s month, %2$s date, %3$s, year, %4$s hour, %5$s minute -->
Data Attributes
name="tscp-should-expire"id="tscp-should-expire"name="tscp-year"class="tscp-long"name="tscp-month"class="tscp-month"+6 more
JS Globals
window.TscpEditorInput
REST Endpoints
/clockwork/v1/
FAQ

Frequently Asked Questions about Taro Clockwork Post