wp-jalali Security & Risk Analysis

wordpress.org/plugins/wp-jalali

Full Jalali calendar support for WordPress and localization improvements for Persian/Afghan/Tajik users.

20K active installs · v5.0.1 · PHP + · WP 3.9+ · Updated Nov 28, 2017
Tags: afghan, calendar-conversion, farsi, persian, tajik
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is wp-jalali Safe to Use in 2026?

Generally Safe

Score 85/100

wp-jalali has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The wp-jalali plugin version 5.0.1 demonstrates a generally strong security posture based on the provided static analysis. The absence of any recorded vulnerabilities, including critical or high severity ones, is a significant positive indicator. Furthermore, the plugin exhibits good practices by having no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed without authentication or permission checks, resulting in a zero attack surface. The lack of dangerous functions and external HTTP requests also contributes to its secure design.

However, there are areas for improvement. The relatively low percentage of SQL queries using prepared statements (31%) and the even lower percentage of properly escaped outputs (18%) present potential risks. While no taint flows were found with unsanitized paths, these weaknesses could be exploited if an attacker could inject malicious data that bypasses existing, albeit minimal, input validation. The presence of only one nonce check across the entire codebase also suggests a potential lack of robust protection against CSRF attacks, especially if the plugin were to introduce new features with user-interactive elements in the future.

In conclusion, wp-jalali v5.0.1 appears to be a relatively secure plugin due to its limited attack surface and clean vulnerability history. The primary concerns lie in the insufficient use of prepared statements for SQL queries and the lack of comprehensive output escaping, which could be exploited under specific conditions. The minimal number of nonce checks also warrants attention. Despite these weaknesses, the absence of any known exploits or vulnerabilities paints a picture of a plugin that prioritizes security, but can still benefit from hardening its data handling practices.

Key Concerns

  • SQL queries not using prepared statements
  • Low percentage of properly escaped outputs
  • Limited nonce checks
Vulnerabilities
None known

wp-jalali Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

wp-jalali Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9; 4 prepared
Unescaped Output: 50; 11 escaped
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

31% prepared · 13 total queries

Output Escaping

18% escaped · 61 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ztjalali_admin_save_option_page_fn (inc\wp-jalali-admin.php:35)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

wp-jalali Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 42
action admin_menu (inc\wp-jalali-admin.php:7)
action admin_init (inc\wp-jalali-admin.php:78)
action admin_notices (inc\wp-jalali-admin.php:83)
filter dashboard_primary_link (inc\wp-jalali-admin.php:105)
filter dashboard_primary_feed (inc\wp-jalali-admin.php:106)
filter dashboard_primary_title (inc\wp-jalali-admin.php:107)
filter dashboard_secondary_link (inc\wp-jalali-admin.php:109)
filter dashboard_secondary_feed (inc\wp-jalali-admin.php:110)
filter dashboard_secondary_title (inc\wp-jalali-admin.php:111)
filter date_i18n (inc\wp-jalali-filters.php:14)
filter post_link (inc\wp-jalali-filters.php:18)
action pre_get_posts (inc\wp-jalali-filters.php:19)
filter posts_where (inc\wp-jalali-filters.php:20)
filter title_save_pre (inc\wp-jalali-filters.php:25)
filter content_save_pre (inc\wp-jalali-filters.php:28)
filter excerpt_save_pre (inc\wp-jalali-filters.php:31)
filter comment_save_pre (inc\wp-jalali-filters.php:34)
filter pre_comment_content (inc\wp-jalali-filters.php:35)
filter content_save_pre (inc\wp-jalali-filters.php:40)
filter title_save_pre (inc\wp-jalali-filters.php:41)
filter excerpt_save_pre (inc\wp-jalali-filters.php:42)
filter comment_save_pre (inc\wp-jalali-filters.php:44)
filter pre_comment_content (inc\wp-jalali-filters.php:45)
filter the_title (inc\wp-jalali-filters.php:50)
filter the_content (inc\wp-jalali-filters.php:53)
filter the_excerpt (inc\wp-jalali-filters.php:56)
filter comment_text (inc\wp-jalali-filters.php:59)
filter the_content (inc\wp-jalali-filters.php:63)
filter the_title (inc\wp-jalali-filters.php:64)
filter the_excerpt (inc\wp-jalali-filters.php:65)
filter comment_text (inc\wp-jalali-filters.php:66)
filter comments_number (inc\wp-jalali-filters.php:71)
filter wp_list_categories (inc\wp-jalali-filters.php:75)
filter wp_list_categories (inc\wp-jalali-filters.php:78)
filter wp_title (inc\wp-jalali-filters.php:83)
action widgets_init (widget\widget_archive.php:128)
action widgets_init (widget\widget_calendar.php:60)
action upgrader_process_complete (wp-jalali-init.php:61)
action admin_enqueue_scripts (wp-jalali-init.php:139)
action admin_print_styles-plugin-editor.php (wp-jalali-init.php:160)
action admin_print_styles-theme-editor.php (wp-jalali-init.php:161)
filter login_headertitle (wp-jalali-init.php:175)
Maintenance & Trust

wp-jalali Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Nov 28, 2017
PHP min version
Downloads: 402K

Community Trust

Rating: 80/100
Number of ratings: 21
Active installs: 20K
Developer Profile

wp-jalali Developer Profile

mani_monaj

1 plugin · 20K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect wp-jalali

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-jalali/assets/css/wp-jalali-admin.css
/wp-content/plugins/wp-jalali/assets/js/wp-jalali-admin.js
/wp-content/plugins/wp-jalali/assets/js/wp-jalali-frontend.js
Script Paths
/wp-content/plugins/wp-jalali/assets/js/wp-jalali-admin.js
/wp-content/plugins/wp-jalali/assets/js/wp-jalali-frontend.js
Version Parameters
/wp-content/plugins/wp-jalali/assets/css/wp-jalali-admin.css?ver=
/wp-content/plugins/wp-jalali/assets/js/wp-jalali-admin.js?ver=
/wp-content/plugins/wp-jalali/assets/js/wp-jalali-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
ztjalali_admin_page
Data Attributes
dashicons-ztjalali
JS Globals
window.ztjalali_opts