Does WP Chrono have any unpatched vulnerabilities?

Yes — WP Chrono currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is WP Chrono compatible with WordPress 4.9.29?

According to WordPress.org data, WP Chrono 1.5.4 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is WP Chrono updated?

WP Chrono was last updated on Oct 21, 2018. Frequent updates are generally a positive security signal.

What is WP Chrono's security score?

WP Chrono has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Chrono Security & Risk Analysis

wordpress.org/plugins/wp-chrono

WP Chrono is plugin that uses simple shortcodes to help you show parts of your pages and posts at specific time and date range(s).

50 active installs v1.5.4 PHP + WP 3.5+ Updated Oct 21, 2018

datepagepostshortcodetime

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 1, 2025

Plugin page Download

Safety Verdict

Is WP Chrono Safe to Use in 2026?

Use With Caution

Score 64/100

WP Chrono has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 7yr ago

Risk Assessment

The "wp-chrono" plugin v1.5.4 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, all SQL queries are prepared, and output is properly escaped. There are also no file operations, external HTTP requests, or bundled libraries, which generally reduces the attack surface. However, the plugin has significant security concerns due to its vulnerability history and unprotected entry points. The presence of one unpatched medium severity CVE (Cross-site Scripting) is a critical red flag, especially since it was recently discovered. Furthermore, the plugin exposes one AJAX handler without any authentication checks, presenting a clear opportunity for attackers to exploit potential vulnerabilities in that specific handler.

Key Concerns

Unpatched CVE (Medium Severity)
Unprotected AJAX handler
Lack of nonce checks (implied by unprotected AJAX)
Lack of capability checks (implied by unprotected AJAX)

Vulnerabilities

WP Chrono Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31747medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Chrono <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

WP Chrono Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

1 unprotected

WP Chrono Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 1

authwp_ajax_wpch_install_notice_dismissincludes\WPChrono.php:61

Shortcodes 4

[wpch-currentdate] includes\WPChrono.php:42

[wpch-ifdate] includes\WPChrono.php:45

[wpch-ifdaterange] includes\WPChrono.php:48

[wpch-countdowntimer] includes\WPChrono.php:51

WordPress Hooks 4

actionwp_enqueue_scriptsincludes\WPChrono.php:18

actionwp_enqueue_scriptsincludes\WPChrono.php:19

actionadmin_initincludes\WPChrono.php:20

actionadmin_noticesincludes\WPChrono.php:58

Maintenance & Trust

WP Chrono Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedOct 21, 2018

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings10

Active installs50

Alternatives

WP Chrono Alternatives

Last Modified Timestamp

last-modified-timestamp

100

Adds the last modified time to the admin interface as well as a [last-modified] shortcode to use on the front-end.

8K No CVEs

Bulk Datetime Change

bulk-datetime-change

100

Bulk change date/time for posts.

7K 1 CVE

CC-Server-Time

cc-server-time

This plugin adds a server time to all posts types edit screen.

10 No CVEs

Display Posts – Easy lists, grids, navigation, and more

display-posts-shortcode

Add a listing of content on your website using a simple shortcode. Filter the results by category, author, and more.

80K No CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Developer Profile

WP Chrono Developer Profile

milan.latinovic

1 plugin · 50 total installs

trust score

Avg Security Score

64/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Chrono

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

../public/js/countdowntimer.js../public/js/notice-update.js../public/css/countdowntimer.css

Script Paths

/wp-content/plugins/wp-chrono/public/js/countdowntimer.js/wp-content/plugins/wp-chrono/public/js/notice-update.js

Version Parameters

/wp-content/plugins/wp-chrono/public/css/countdowntimer.css?ver=

HTML / DOM Fingerprints

CSS Classes

wpch-install-noticewpch_darkbluewpch_bluewpch_darkpurplewpch_purplewpch_greenwpch_lightgreenwpch_red+7 more

Data Attributes

id="wpch_clockdiv_id="wpch_clockdivcontent_

JS Globals

initializeClock

REST Endpoints

/wp-json/wpch-chrono

Shortcode Output

<div><span class="wpch_days"></span><div class="wpch_smalltext">Days</div></div><div><span class="wpch_hours"></span><div class="wpch_smalltext">Hours</div></div><div><span class="wpch_minutes"></span><div class="wpch_smalltext">Minutes</div></div><div><span class="wpch_seconds"></span><div class="wpch_smalltext">Seconds</div></div><div id="wpch_clockdivcontent_

<div class="notice notice-success wpch-install-notice is-dismissible">

FAQ