WP-Safety

Horoscopen (NL) – Astro Media Security & Risk Analysis

wordpress.org/plugins/astro-media

Horoscopen van Astro Media zijn Nederlandstalige horoscopen, geschreven voor iedereen met een brede interesse in astrologie.

10 active installs v2.5.5 PHP 7.4+ WP 6.4.2+ Updated Feb 27, 2025
daghoroscoophoroscoopmaandhoroscoopnederlandstaligrelatiehoroscoop
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Horoscopen (NL) – Astro Media Safe to Use in 2026?

Generally Safe

Score 92/100

Horoscopen (NL) – Astro Media has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "astro-media" plugin v2.5.5 presents a mixed security posture. While there is no recorded vulnerability history, indicating a potentially stable release, the static analysis reveals significant concerns. A substantial attack surface exists with 18 unprotected AJAX handlers, creating a direct avenue for potential unauthorized actions. Furthermore, the taint analysis highlights 5 high-severity flows with unsanitized paths, suggesting risks of data manipulation or injection if these flows are triggered with malicious input. The low percentage of prepared statements for SQL queries (34%) and the similarly low rate of proper output escaping (28%) significantly exacerbate these risks, as they make the plugin vulnerable to SQL injection and cross-site scripting (XSS) attacks, respectively, especially when combined with the unprotected entry points. The absence of any nonce or capability checks is a major security weakness that allows any authenticated user to potentially exploit the unprotected AJAX endpoints. The bundled DataTables library, while common, should also be monitored for potential vulnerabilities if it's not kept up-to-date.

In conclusion, the plugin's lack of known CVEs is a positive sign, but it is overshadowed by critical weaknesses identified in the static analysis. The high number of unprotected AJAX handlers, coupled with high-severity unsanitized taint flows and poor data sanitization practices (SQL preparation and output escaping), creates a significant risk profile. The complete absence of nonce and capability checks on AJAX handlers is particularly concerning. While the plugin does not appear to be actively exploited based on its history, these inherent vulnerabilities make it a target for attackers. Immediate attention is required to address the identified code-level security flaws to mitigate these risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Low percentage of prepared SQL statements
  • Low percentage of proper output escaping
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
None known

Horoscopen (NL) – Astro Media Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Horoscopen (NL) – Astro Media Code Analysis

Dangerous Functions
0
Raw SQL Queries
59
30 prepared
Unescaped Output
855
335 escaped
Nonce Checks
0
Capability Checks
0
File Operations
5
External Requests
10
Bundled Libraries
1

Bundled Libraries

DataTables

SQL Query Safety

34% prepared89 total queries

Output Escaping

28% escaped1190 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

12 flows10 with unsanitized paths
astromedia_horoscopes_nl_functionality_fetch_menu_content_for_astromedia (manpage\content.php:3)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
18 unprotected

Horoscopen (NL) – Astro Media Attack Surface

Entry Points70
Unprotected18

AJAX Handlers 18

authwp_ajax_get_countries_and_citiesmidone.php:162
noprivwp_ajax_get_countries_and_citiesmidone.php:163
authwp_ajax_fetch_readingsmidone.php:164
noprivwp_ajax_fetch_readingsmidone.php:165
authwp_ajax_fetch_resultsmidone.php:166
noprivwp_ajax_fetch_resultsmidone.php:167
authwp_ajax_fetch_menu_contentmidone.php:168
noprivwp_ajax_fetch_menu_contentmidone.php:169
authwp_ajax_fetch_customimagesmidone.php:170
noprivwp_ajax_fetch_customimagesmidone.php:171
authwp_ajax_getcityidmidone.php:172
noprivwp_ajax_getcityidmidone.php:173
authwp_ajax_get_citiesmidone.php:188
noprivwp_ajax_get_citiesmidone.php:189
authwp_ajax_logout_automidone.php:190
authwp_ajax_update_custom_imagesmidone.php:191
authwp_ajax_activate_customimagesmidone.php:192
noprivwp_ajax_logout_automidone.php:193

Shortcodes 52

[astro_ascendants_horoscope] shortcodes\horoscopes\shortcodes_ascedantenhoroscope.php:20
[astro_birth_horoscope] shortcodes\horoscopes\shortcodes_birthhoroscope.php:399
[astro_child_horoscope] shortcodes\horoscopes\shortcodes_childhoroscope.php:421
[astro_parent_child_relation] shortcodes\horoscopes\shortcodes_childparenthoroscope.php:452
[astro_chinese_belt_horoscope] shortcodes\horoscopes\shortcodes_chinesebelthoroscope.php:527
[astro_chinese_relation_horoscope] shortcodes\horoscopes\shortcodes_chineserelationhoroscope.php:562
[astro_chinese_year_horoscope2024] shortcodes\horoscopes\shortcodes_chineseyearhoroscope2024.php:536
[astro_chinese_year_horoscope2025] shortcodes\horoscopes\shortcodes_chineseyearhoroscope2025.php:536
[astro_daily_horoscope] shortcodes\horoscopes\shortcodes_dayhoroscope.php:18
[astro_birth_extended_horoscope] shortcodes\horoscopes\shortcodes_extendedbirthhoroscope.php:427
[astro_extended_child_horoscope] shortcodes\horoscopes\shortcodes_extendedchildhoroscope.php:443
[astro_childstarsigns_horoscope] shortcodes\horoscopes\shortcodes_kindersterrenbeeldenhoroscope.php:20
[astro_loverelation_horoscope] shortcodes\horoscopes\shortcodes_loverelationhoroscope.php:554
[astro_lovetest_horoscope] shortcodes\horoscopes\shortcodes_lovetesthoroscope.php:411
[astro_loveyear_horoscope2023] shortcodes\horoscopes\shortcodes_loveyearhoroscope2023.php:19
[astro_loveyear_horoscope2024] shortcodes\horoscopes\shortcodes_loveyearhoroscope2024.php:19
[astro_loveyear_horoscope2025] shortcodes\horoscopes\shortcodes_loveyearhoroscope2025.php:19
[astro_month_horoscope] shortcodes\horoscopes\shortcodes_monthhoroscope.php:19
[astro_partner_comparison] shortcodes\horoscopes\shortcodes_partnercomparisonhoroscope.php:437
[astro_hidden_love_conquest] shortcodes\horoscopes\shortcodes_silentlovehoroscope.php:372
[astro_starsigns_horoscope] shortcodes\horoscopes\shortcodes_starsignshoroscope.php:19
[astro_year_horoscope2023] shortcodes\horoscopes\shortcodes_yearhoroscope2023.php:19
[astro_year_horoscope2024] shortcodes\horoscopes\shortcodes_yearhoroscope2024.php:20
[astro_year_horoscope2025] shortcodes\horoscopes\shortcodes_yearhoroscope2025.php:20
[astro_year_extended_2024] shortcodes\horoscopes\shortcodes_yearhoroscopeextended2024.php:20
[astro_year_extended_2025] shortcodes\horoscopes\shortcodes_yearhoroscopeextended2025.php:20
[astro_lenormand_maandlegging] shortcodes\lenormand\shortcodes_lenormand_maandlegging.php:441
[astro_lenormand_relatielegging] shortcodes\lenormand\shortcodes_lenormand_relatielegging.php:441
[astro_lenormand_succeslegging] shortcodes\lenormand\shortcodes_lenormand_succeslegging.php:441
[astro_lenormand_weeklegging] shortcodes\lenormand\shortcodes_lenormand_weeklegging.php:441
[astro_tarot_daycard] shortcodes\tarot\shortcodes_tarot_dagkaartvoorspellingen.php:19
[astro_tarot_blind_spot] shortcodes\tarot\shortcodes_tarot_deblindevlek.php:20
[astro_tarot_daycard_love] shortcodes\tarot\shortcodes_tarot_dedagkaartliefde.php:19
[astro_tarot_liefdeslegging] shortcodes\tarot\shortcodes_tarot_deliefdeslegging.php:19
[astro_tarot_port] shortcodes\tarot\shortcodes_tarot_depoort.php:19
[astro_tarot_problemreading] shortcodes\tarot\shortcodes_tarot_deprobleemlegging.php:20
[astro_tarot_star] shortcodes\tarot\shortcodes_tarot_dester.php:20
[astro_tarot_week] shortcodes\tarot\shortcodes_tarot_deweeklegging.php:20
[astro_tarot_feelings] shortcodes\tarot\shortcodes_tarot_hetgevoelsleven.php:20
[astro_tarot_liefdesinzicht] shortcodes\tarot\shortcodes_tarot_hetliefdesinzicht.php:21
[astro_tarot_insight_balance_harmony] shortcodes\tarot\shortcodes_tarot_inzichtevenwichtharmonie.php:19
[astro_tarot_year] shortcodes\tarot\shortcodes_tarot_jaarlegging.php:19
[astro_tarot_liefdesvraag] shortcodes\tarot\shortcodes_tarot_liefdesvraag.php:22
[astro_tarot_month] shortcodes\tarot\shortcodes_tarot_maandlegging.php:19
[astro_tarot_relatielegging] shortcodes\tarot\shortcodes_tarot_relatielegging.php:19
[astro_tarot_cross] shortcodes\tarot\shortcodes_tarot_thecross.php:20
[astro_tarot_extended_daycard] shortcodes\tarot\shortcodes_tarot_uitgebreidedaglegging.php:19
[astro_tarot_past_present_future] shortcodes\tarot\shortcodes_tarot_verledenhedentoekomst.php:19
[astro_tarot_week] shortcodes\tarot\shortcodes_tarot_weeklegging.php:19
[astro_tarot_weeklegging_liefde] shortcodes\tarot\shortcodes_tarot_weekleggingliefde.php:20
[astro_tarot_roadtoyourself] shortcodes\tarot\shortcodes_tarot_wegnaarjezelf.php:20
[astro_zigeuner_weeklegging] shortcodes\zigeuner\shortcodes_zigeuner_weeklegging.php:441
WordPress Hooks 6
actionwp_enqueue_scriptsmidone.php:106
actionadmin_enqueue_scriptsmidone.php:124
actionadmin_enqueue_scriptsmidone.php:134
actionadmin_menumidone.php:143
actionwp_enqueue_scriptsmidone.php:151
actionadmin_enqueue_scriptsmidone.php:343
Maintenance & Trust

Horoscopen (NL) – Astro Media Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedFeb 27, 2025
PHP min version7.4
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Horoscopen (NL) – Astro Media Alternatives

No alternatives data available yet.

Developer Profile

Horoscopen (NL) – Astro Media Developer Profile

astromediahoroscopen

1 plugin · 10 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Horoscopen (NL) – Astro Media

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/astro-media/css/style.css/wp-content/plugins/astro-media/js/underscore.js/wp-content/plugins/astro-media/js/scripts.js/wp-content/plugins/astro-media/css/bootstrap.css/wp-content/plugins/astro-media/css/fontawesome.css/wp-content/plugins/astro-media/css/datatables.css/wp-content/plugins/astro-media/js/datatables.js/wp-content/plugins/astro-media/js/ajax-handler.js
Script Paths
/wp-content/plugins/astro-media/js/underscore.js/wp-content/plugins/astro-media/js/scripts.js/wp-content/plugins/astro-media/js/datatables.js/wp-content/plugins/astro-media/js/ajax-handler.js
Version Parameters
astro-media/style.css?ver=astro-media/bootstrap.css?ver=astro-media/fontawesome.css?ver=astro-media/underscore.js?ver=astro-media/scripts.js?ver=astro-media/datatables.css?ver=astro-media/datatables.js?ver=astro-media/ajax-handler.js?ver=

HTML / DOM Fingerprints

CSS Classes
astromedia-horoscope-containerastromedia-tarot-cardastromedia-tarot-spreadastromedia-zigeuner-cardastromedia-lenormand-cardastromedia-horoscope-dayastromedia-horoscope-monthastromedia-horoscope-year+4 more
HTML Comments
<!-- Astro Media Horoscope Shortcode --><!-- Astro Media Tarot Card --><!-- Astro Media Tarot Spread --><!-- Astro Media Zigeuner Card -->+1 more
Data Attributes
data-astromedia-horoscope-typedata-astromedia-tarot-card-iddata-astromedia-tarot-spread-layoutdata-astromedia-zigeuner-card-indexdata-astromedia-lenormand-card-name
JS Globals
my_ajax_object
REST Endpoints
/wp-json/astro-media/v1/horoscope/wp-json/astro-media/v1/tarot/wp-json/astro-media/v1/lenormand
Shortcode Output
[dayhoroscope][extendedbirthhoroscope][birthhoroscope][monthhoroscope]
FAQ

Frequently Asked Questions about Horoscopen (NL) – Astro Media