TM Islamic Helper Security & Risk Analysis

wordpress.org/plugins/tm-islamic-helper

Islamic Helper plugin for Muslims' prayer times. Don't delete this plugin.

100 active installs · v1.0.1 · PHP 7.2+ · WP 5.2+ · Updated Nov 20, 2019
Tags: islam, muslims, namaz, pray, praytime
64
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Nov 18, 2024
Safety Verdict

Is TM Islamic Helper Safe to Use in 2026?

Use With Caution

Score 64/100

TM Islamic Helper has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Nov 18, 2024 · Updated 6yr ago
Risk Assessment

The "tm-islamic-helper" plugin exhibits a concerning security posture due to a large number of unprotected AJAX handlers, representing a significant attack surface that could be exploited by unauthenticated users. While the plugin demonstrates good practices in its handling of SQL queries, utilizing prepared statements, the low percentage of properly escaped output is a major red flag. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially considering the plugin's history of a medium-severity XSS vulnerability. The presence of unsanitized paths in the taint analysis further exacerbates these concerns, suggesting potential for path traversal or file inclusion vulnerabilities, although no critical or high-severity taint flows were identified. The plugin's history of a recent medium-severity vulnerability, specifically XSS, coupled with the lack of robust output escaping, points to a pattern of insufficient input sanitization and output encoding, which attackers could leverage. While the plugin has a limited number of entry points and no direct file operations, the primary weaknesses lie in the lack of authentication on AJAX handlers and the inadequate output escaping, creating a considerable risk profile.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Unsanitized paths in taint analysis
  • Unpatched medium severity CVE
  • Low number of nonce checks
  • Low number of capability checks
Vulnerabilities
1

TM Islamic Helper Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-52458 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

TM Islamic Helper <= 1.0.1 - Reflected Cross-Site Scripting

Nov 18, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

TM Islamic Helper Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 495 (135 escaped)
  • Nonce Checks: 3
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

21% escaped · 630 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
tmpray_get_json_namaz (dashboard\dashboard.php:261)
Attack Surface
14 unprotected

TM Islamic Helper Attack Surface

Entry Points: 16
Unprotected: 14

AJAX Handlers 14

nopriv wp_ajax_tmpray_process_namaz dashboard\dashboard.php:212
auth wp_ajax_tmpray_process_namaz dashboard\dashboard.php:213
nopriv wp_ajax_tmpray_save_namaz_time dashboard\dashboard.php:219
auth wp_ajax_tmpray_save_namaz_time dashboard\dashboard.php:220
nopriv wp_ajax_tmpray_get_json_namaz dashboard\dashboard.php:259
auth wp_ajax_tmpray_get_json_namaz dashboard\dashboard.php:260
nopriv wp_ajax_tmpray_get_days_in_month dashboard\dashboard.php:288
auth wp_ajax_tmpray_get_days_in_month dashboard\dashboard.php:289
nopriv wp_ajax_tmpray_method_namaz dashboard\dashboard.php:328
auth wp_ajax_tmpray_method_namaz dashboard\dashboard.php:329
nopriv wp_ajax_tmpray_show_shortcode_single dashboard\dashboard.php:648
auth wp_ajax_tmpray_show_shortcode_single dashboard\dashboard.php:649
nopriv wp_ajax_tmpray_show_shortcode_all dashboard\dashboard.php:690
auth wp_ajax_tmpray_show_shortcode_all dashboard\dashboard.php:691

Shortcodes 2

[praytime_single] dashboard\dashboard.php:717
[praytime_all] dashboard\dashboard.php:722
WordPress Hooks 12
action init custom_taxonomy\namaz-time.php:6
action add_meta_boxes custom_taxonomy\namaz-time.php:44
action save_post custom_taxonomy\namaz-time.php:108
filter manage_posts_columns custom_taxonomy\namaz-time.php:112
action manage_posts_custom_column custom_taxonomy\namaz-time.php:125
action admin_init dashboard\dashboard.php:14
action admin_print_styles dashboard\dashboard.php:103
action admin_print_scripts dashboard\dashboard.php:104
action admin_menu dashboard\dashboard.php:141
action admin_print_styles function\public_function.php:21
action plugins_loaded tm-islamic-helper.php:23
action plugins_loaded tm-islamic-helper.php:44
Maintenance & Trust

TM Islamic Helper Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Nov 20, 2019
PHP min version: 7.2
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

TM Islamic Helper Developer Profile

zaymund

2 plugins · 110 total installs

Trust score: 77
Avg Security Score: 75/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TM Islamic Helper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tm-islamic-helper/dashboard/css/style.css
/wp-content/plugins/tm-islamic-helper/dashboard/js/ui-choose.js
/wp-content/plugins/tm-islamic-helper/dashboard/js/xlsx.full.min.js
Script Paths
/wp-content/plugins/tm-islamic-helper/dashboard/js/ui-choose.js
/wp-content/plugins/tm-islamic-helper/dashboard/js/xlsx.full.min.js
Version Parameters
tm-islamic-helper/dashboard/css/style.css?ver=
tm-islamic-helper/dashboard/js/ui-choose.js?ver=
tm-islamic-helper/dashboard/js/xlsx.full.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
tmpray_dashboard_css