Does WP Currency Exchange Rates have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Currency Exchange Rates compatible with WordPress 6.8.5?

According to WordPress.org data, WP Currency Exchange Rates 1.3.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Currency Exchange Rates updated?

WP Currency Exchange Rates was last updated on Sep 4, 2025. Frequent updates are generally a positive security signal.

What is WP Currency Exchange Rates's security score?

WP Currency Exchange Rates has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Currency Exchange Rates Security & Risk Analysis

wordpress.org/plugins/wp-currency-exchange-rates

Currency exchange rates for WordPress.

10 active installs v1.3.1 PHP + WP 4.4+ Updated Sep 4, 2025

currencycurrency-exchange-ratesexchange-rates

A · Safe

CVEs total1

Unpatched0

Last CVEDec 11, 2024

Plugin page Download

Safety Verdict

Is WP Currency Exchange Rates Safe to Use in 2026?

Generally Safe

Score 99/100

WP Currency Exchange Rates has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 11, 2024Updated 8mo ago

Risk Assessment

The wp-currency-exchange-rates plugin v1.3.1 exhibits a generally strong security posture, with several positive indicators. The static analysis reveals no dangerous functions, 100% of SQL queries use prepared statements, and there are a respectable number of nonce checks and capability checks absent. The absence of critical or high severity taint flows is also a positive sign, suggesting that user-supplied data is generally handled with care. However, there are areas that warrant attention. The plugin has a history of known vulnerabilities, including one medium severity CSRF vulnerability. While this specific vulnerability is noted as patched, the pattern of past issues suggests a potential for recurring security weaknesses. Furthermore, while the output escaping is high (79%), the remaining 21% of outputs are not properly escaped, which could lead to XSS vulnerabilities if the unescaped data is user-controllable. The presence of file operations and external HTTP requests, though not inherently insecure, represent potential attack vectors if not implemented with strict validation and sanitization.

Key Concerns

Some outputs are not properly escaped
History of known vulnerabilities

Vulnerabilities

1 published

WP Currency Exchange Rates Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-54332medium · 6.1Cross-Site Request Forgery (CSRF)

WP Currency Exchange Rates <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Dec 11, 2024 Patched in 1.3.0 (9d)

Version History

WP Currency Exchange Rates Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

WP Currency Exchange Rates Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

79% escaped14 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

handle_actions (includes\class-alg-currency-exchange-rates-admin-settings.php:110)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Currency Exchange Rates Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[alg_cer_get_exchange_rate] includes\alg-currency-exchange-rates-shortcodes.php:13

[alg_cer_get_saved_exchange_rate] includes\alg-currency-exchange-rates-shortcodes.php:14

WordPress Hooks 12

actionadmin_menuincludes\class-alg-currency-exchange-rates-admin-settings.php:24

actionadmin_initincludes\class-alg-currency-exchange-rates-admin-settings.php:25

actionadmin_noticesincludes\class-alg-currency-exchange-rates-admin-settings.php:132

actionadmin_noticesincludes\class-alg-currency-exchange-rates-admin-settings.php:160

actionadmin_noticesincludes\class-alg-currency-exchange-rates-admin-settings.php:166

actioninitincludes\class-alg-currency-exchange-rates-crons.php:27

actionadmin_initincludes\class-alg-currency-exchange-rates-crons.php:28

actionalg_cer_update_exchange_ratesincludes\class-alg-currency-exchange-rates-crons.php:29

actionwidgets_initincludes\class-alg-currency-exchange-rates-widget.php:172

actioninitincludes\class-alg-currency-exchange-rates.php:60

actionadmin_initincludes\class-alg-currency-exchange-rates.php:104

actionplugins_loadedwp-currency-exchange-rates.php:35

Maintenance & Trust

WP Currency Exchange Rates Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 4, 2025

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Currency Exchange Rates Alternatives

Currency Converter Widget

currency-converter-widget

100

Free, fast, and beautiful currency converter widget with 170+ currencies, live exchange rates, and 11 widget styles.

3K 1 CVE

Multi Currency, Currency Switcher, Exchange Rates for WooCommerce – Mudra

woo-exchange-rate

100

Allows to add exchange rates for WooCommerce store

2K No CVEs

Exchange Rates Widget

exchange-rates-widget

100

❤️‍ Is a magic and easy-to-use with beautiful UI widget. Included 190+ world currencies with popular cryptocurrencies.

1K 1 CVE

Exchange Rates

exchange-rates

Currency Converter & Exchange Rates Widgets, easy-to-use, with beautiful UI. 🔑 No API key needed, ❤️‍ plug and play.

900 2 CVEs

Currency Exchange for WooCommerce

currency-exchange-for-woocommerce

100

With Currency Exchange for WooCommerce you can easily setup exchange to any currencies in WooCommerce.

600 No CVEs

Developer Profile

WP Currency Exchange Rates Developer Profile

WPFactory

64 plugins · 137K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

94 days

View full developer profile

Detection Fingerprints

How We Detect WP Currency Exchange Rates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-currency-exchange-rates/assets/css/alg-currency-exchange-rates-admin.css/wp-content/plugins/wp-currency-exchange-rates/assets/css/alg-currency-exchange-rates-frontend.css/wp-content/plugins/wp-currency-exchange-rates/assets/js/alg-currency-exchange-rates-admin.js/wp-content/plugins/wp-currency-exchange-rates/assets/js/alg-currency-exchange-rates-frontend.js

Version Parameters

wp-currency-exchange-rates/assets/css/alg-currency-exchange-rates-admin.css?ver=wp-currency-exchange-rates/assets/css/alg-currency-exchange-rates-frontend.css?ver=wp-currency-exchange-rates/assets/js/alg-currency-exchange-rates-admin.js?ver=wp-currency-exchange-rates/assets/js/alg-currency-exchange-rates-frontend.js?ver=

HTML / DOM Fingerprints

Shortcode Output

[alg_cer_get_exchange_rate[alg_cer_get_saved_exchange_rate

FAQ