Breaking News WP Security & Risk Analysis
wordpress.org/plugins/breaking-news-wpShow in every place your Free and Custom Breaking News Bar
Is Breaking News WP Safe to Use in 2026?
High Risk
Score 43/100Breaking News WP carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.
The "breaking-news-wp" v1.3 plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and has no file operations or external HTTP requests, significant concerns arise from its entry points and historical vulnerability patterns. The presence of one unprotected AJAX handler presents a direct attack vector. The plugin's vulnerability history, with two currently unpatched medium severity CVEs, both related to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), is a major red flag. This pattern indicates a recurring weakness in how user input is handled or how actions are protected. The lack of nonce checks on the unprotected AJAX handler, coupled with the historical XSS vulnerabilities, suggests that malicious actors could potentially inject scripts or perform unauthorized actions. The limited output escaping (28% properly escaped) further exacerbates the XSS risk, as data displayed to users may not be properly sanitized. Overall, the plugin has some strengths in its secure handling of database queries, but the unprotected entry points and persistent historical vulnerabilities create a notable risk profile.
Key Concerns
- Unprotected AJAX handler
- 2 unpatched medium severity CVEs
- Limited output escaping (28% proper)
- No nonce checks on AJAX handler
- Historical XSS and CSRF vulnerabilities
Breaking News WP Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Breaking News WP <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Breaking News WP <= 1.3 - Cross-Site Request Forgery to Settings Update
Breaking News WP Code Analysis
Output Escaping
Breaking News WP Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
Breaking News WP Maintenance & Trust
Maintenance Signals
Community Trust
Breaking News WP Alternatives
Latest Simple News Ticker
latest-simple-news-ticker
This plugin help you to view the latest posts or page on your website.This plugin also have three type of animation such as Fade Effects,Slide Effects …
News ticker
news-ticker-tj
Premium Quality but free. It is responsive and easily custimzeable. Video tutorials are given for usage and custimization.
Nice Latest News Ticker
nice-latest-news-ticker
A Nice Breaking News or News Slideshow plugin for WordPress.
Synchronise News Ticker
synchronise-news-ticker
Synchronise News Ticker is a lightweight plugin used to animating a simple news ticker.
T4B News Ticker – Responsive News Scroller, Slider, and Animations
t4b-news-ticker
T4B News Ticker is a flexible and user-friendly news ticker plugin for WordPress, designed to create horizontal news tickers with 4 unique animations.
Breaking News WP Developer Profile
3 plugins · 1K total installs
How We Detect Breaking News WP
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/breaking-news-wp/js/jquery.marquee.min.js/wp-content/plugins/breaking-news-wp/js/marquee-scroll-min.js/wp-content/plugins/breaking-news-wp/js/marquee-scroll.js/wp-content/plugins/breaking-news-wp/js/bn-opt-res.js/wp-content/plugins/breaking-news-wp/js/jquery.marquee.min.js/wp-content/plugins/breaking-news-wp/js/marquee-scroll-min.js/wp-content/plugins/breaking-news-wp/js/marquee-scroll.jsHTML / DOM Fingerprints
brnwp_custom_textname="brnwp_theme"id="brnwp_theme_one"id="brnwp_theme_two"id="brnwp_dim_barra"id="brnwp_testo_pers"id="brnwp_text"+1 morebrnwp_ajax_sdbrnwp_custom_text_check[breaking-news-wp]