Does WP Unit Converter have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Unit Converter have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Unit Converter compatible with WordPress 5.9.13?

According to WordPress.org data, WP Unit Converter 1.0.5 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is WP Unit Converter updated?

WP Unit Converter was last updated on Mar 21, 2022. Frequent updates are generally a positive security signal.

What is WP Unit Converter's security score?

WP Unit Converter has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Unit Converter Security & Risk Analysis

wordpress.org/plugins/wp-unit-converter

WP Unit Converter allows you to convert Length/Distance, Temperature, Time, Weight, Area and Speed metrics in different units of measurement.

100 active installs v1.0.5 PHP + WP 5.0+ Updated Mar 21, 2022

measurementmetricsshortcodeunit-converter

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Unit Converter Safe to Use in 2026?

Generally Safe

Score 85/100

WP Unit Converter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "wp-unit-converter" v1.0.5 plugin exhibits a generally strong security posture, with no known vulnerabilities in its history and a clean taint analysis. The code signals also indicate a responsible approach to database interactions, with all SQL queries utilizing prepared statements. However, there are areas for improvement that introduce a moderate level of risk.

The primary concern lies in the output escaping. A significant percentage (78%) of the 18 outputs are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if malicious input is processed and rendered without proper sanitization. While the attack surface is small, consisting of a single shortcode, and there are capability checks present, the lack of proper output escaping remains a significant weakness.

In conclusion, while the plugin benefits from a clean vulnerability history and secure database practices, the low rate of proper output escaping presents a notable risk. Addressing this would significantly bolster the plugin's security. The absence of external HTTP requests and dangerous functions are positive indicators. The single shortcode entry point is also a positive, but it's crucial that all outputs related to it are secured.

Key Concerns

Insufficient output escaping

Vulnerabilities

None known

WP Unit Converter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Unit Converter Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

22% escaped18 total outputs

Attack Surface

WP Unit Converter Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[wpuc_unit_converter] public\class-wp-unit-converter-public.php:115

WordPress Hooks 10

actionplugins_loadedincludes\class-wp-unit-converter.php:167

actionadmin_enqueue_scriptsincludes\class-wp-unit-converter.php:182

actionadmin_enqueue_scriptsincludes\class-wp-unit-converter.php:183

filterwidget_textincludes\class-wp-unit-converter.php:187

filterwidget_textincludes\class-wp-unit-converter.php:188

actionwidgets_initincludes\class-wp-unit-converter.php:191

actionadmin_initincludes\class-wp-unit-converter.php:194

actionadmin_menuincludes\class-wp-unit-converter.php:197

actionwp_enqueue_scriptsincludes\class-wp-unit-converter.php:212

actionwp_enqueue_scriptsincludes\class-wp-unit-converter.php:213

Maintenance & Trust

WP Unit Converter Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedMar 21, 2022

PHP min version

Downloads4K

Community Trust

Rating20/100

Number of ratings1

Active installs100

Alternatives

WP Unit Converter Alternatives

Smart Convert – Currency & Unit Conversion

smart-convert-currency-unit-conversion

100

The ultimate conversion engine: 153 Currencies, 105+ Units, Custom Unit Builder, GeoIP detection, and a native Gutenberg Block with live previews.

10 No CVEs

WP Shortcodes Plugin — Shortcodes Ultimate

shortcodes-ultimate

A comprehensive collection of visual components for your site

400K 35 CVEs

MW WP Form

mw-wp-form

MW WP Form is shortcode base contact form plugin. This plugin have many features. For example you can use many validation rules, inquiry data saving, …

200K 6 CVEs

Performance Lab

performance-lab

100

Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.

200K 1 CVE

Shortcoder — Create Shortcodes for Anything

shortcoder

Create custom "Shortcodes" easily for HTML, JavaScript, CSS code snippets and use the shortcodes within posts, pages & widgets

100K 2 CVEs

Developer Profile

WP Unit Converter Developer Profile

centangle

2 plugins · 170 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Unit Converter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-unit-converter/admin/css/wp-unit-converter-admin.css/wp-content/plugins/wp-unit-converter/admin/js/wp-unit-converter-admin.js

Script Paths

/wp-content/plugins/wp-unit-converter/admin/js/wp-unit-converter-admin.js

Version Parameters

wp-unit-converter/admin/css/wp-unit-converter-admin.css?ver=wp-unit-converter/admin/js/wp-unit-converter-admin.js?ver=

HTML / DOM Fingerprints

FAQ