WP Date and Time Shortcode Security & Risk Analysis
wordpress.org/plugins/wp-date-and-time-shortcodeShortcode to show any current, past, and future date or time. Display this, previous, or next year, month, day, etc.
Is WP Date and Time Shortcode Safe to Use in 2026?
Generally Safe
Score 99/100WP Date and Time Shortcode has a strong security track record. Known vulnerabilities have been patched promptly.
The "wp-date-and-time-shortcode" plugin v2.7 exhibits a mixed security posture. While the static analysis reveals no critical code signals like dangerous functions or raw SQL queries, and importantly, no unprotected entry points, there are significant concerns regarding output escaping. A mere 8% of outputs are properly escaped, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history also points to a past XSS vulnerability, reinforcing the output escaping concern. The absence of nonce and capability checks on its shortcodes, which represent the entire attack surface, further amplifies the risk associated with the poor output escaping, as any input processed by these shortcodes could be vulnerable to injection attacks.
Key Concerns
- Low percentage of properly escaped output
- Lack of capability checks on shortcodes
- Lack of nonce checks on shortcodes
- Past XSS vulnerability history
WP Date and Time Shortcode Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
WP Date and Time Shortcode <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
WP Date and Time Shortcode Code Analysis
Output Escaping
WP Date and Time Shortcode Attack Surface
Shortcodes 3
WordPress Hooks 5
Maintenance & Trust
WP Date and Time Shortcode Maintenance & Trust
Maintenance Signals
Community Trust
WP Date and Time Shortcode Alternatives
insertTime
inserttime
A simple wordpress plugin that adds a shorcode [time] tp insert your local time at page loading in a post.
Simple Current Date Time
simple-current-date-time
Simple plugin for current, localized dates & times via shortcodes. Use in content, H1 & SEO titles. Lightweight.
WP Chrono
wp-chrono
WP Chrono is plugin that uses simple shortcodes to help you show parts of your pages and posts at specific time and date range(s).
Essential Shortcodes
essential-shortcodes
Display user information and date/time with easy-to-use shortcodes. Free version includes 8 essential shortcodes.
autometa's NOWON
nowon
It reproduces current time and date in pages, posts, portfolios or products simply via: [nowon] and [nowadays].
WP Date and Time Shortcode Developer Profile
3 plugins · 11K total installs
How We Detect WP Date and Time Shortcode
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-date-and-time-shortcode/static/css/admin.css/wp-content/plugins/wp-date-and-time-shortcode/static/js/admin.js/wp-content/plugins/wp-date-and-time-shortcode/static/css/user.css/wp-content/plugins/wp-date-and-time-shortcode/static/js/user.js/wp-content/plugins/wp-date-and-time-shortcode/denra-plugins/classes/FrameworkLoader.php/wp-content/plugins/wp-date-and-time-shortcode/denra-plugins/classes/PluginHooks.php