WP-Safety

CM Tooltip Glossary Security & Risk Analysis

wordpress.org/plugins/enhanced-tooltipglossary

Transform jargon into engaging content that boosts SEO, drives engagement, improves conversions, with automatic links and tooltips.

8K active installs v4.5.3 PHP 5.2.4+ WP 5.4.0+ Updated Jan 27, 2026
dictionaryglossarylexicontooltipvocabulary
97
A · Safe
CVEs total7
Unpatched0
Last CVEOct 9, 2024
Plugin page Download
Safety Verdict

Is CM Tooltip Glossary Safe to Use in 2026?

Generally Safe

Score 97/100

CM Tooltip Glossary has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

7 known CVEsLast CVE: Oct 9, 2024Updated 3mo ago
Risk Assessment

The "enhanced-tooltipglossary" plugin version 4.5.3 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce checks and capability checks for most entry points. The absence of any currently unpatched CVEs is also a significant strength, indicating the developers are responsive to security issues. However, the static analysis reveals several areas of concern. A notable weakness is the presence of 3 unprotected AJAX handlers, representing a significant attack surface that could be exploited by unauthenticated users. While taint analysis shows no critical or high severity flows, one flow with an unsanitized path indicates a potential for unexpected behavior or vulnerabilities if not carefully handled. The high number of total outputs with only 31% properly escaped suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially in conjunction with past vulnerabilities of this type. The plugin's history of 7 medium severity CVEs, primarily related to XSS and CSRF, further reinforces the concern about input sanitization and output escaping, suggesting these have been recurring issues. The plugin also makes external HTTP requests, which, without proper validation, could lead to SSRF or other vulnerabilities. The bundled Select2 library, while common, should also be kept updated to avoid known vulnerabilities within it. Overall, while the plugin has improved in certain areas like SQL practices and has no active critical issues, the presence of unprotected AJAX handlers, poor output escaping, and a history of XSS/CSRF vulnerabilities warrant caution.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
  • Flows with unsanitized paths
  • Multiple past medium CVEs (XSS/CSRF)
  • External HTTP requests
Vulnerabilities
7 published

CM Tooltip Glossary Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
1 CVE in 2016
2016
1 CVE in 2021
2021
4 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
7

7 total CVEs

CVE-2024-48041medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Tooltip Glossary <= 4.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 9, 2024 Patched in 4.3.11 (8d)
CVE-2024-43149medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Tooltip Glossary <= 4.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 7, 2024 Patched in 4.3.9 (8d)
CVE-2024-5026medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Tooltip Glossary <= 4.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

May 1, 2024 Patched in 4.3.4 (394d)
CVE-2024-4086medium · 4.3Cross-Site Request Forgery (CSRF)

CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery

Apr 24, 2024 Patched in 4.3.0 (9d)
CVE-2021-24678medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Tooltip Glossary <= 3.9.20 - Authenticated Stored Cross-Site Scripting

Sep 6, 2021 Patched in 3.9.21 (869d)
CVE-2016-1000132medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.3.4 - Reflected Cross-Site Scripting

Oct 12, 2016 Patched in 3.3.5 (2659d)
WF-5463a730-a8cf-40c9-83fc-3e451e4db1c9-enhanced-tooltipglossarymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.1.3 - Reflected Cross-Site Scripting

Apr 22, 2015 Patched in 3.1.4 (3198d)
Version History

CM Tooltip Glossary Release Timeline

v4.4.9
v4.4.8
v4.4.7
v4.4.6
v4.4.5
v4.4.4
v4.4.3
v1.07 CVEs
CVE-2024-48041 CVE-2021-24678 WF-5463a730-a8cf-40c9-83fc-3e451e4db1c9-enhanced-tooltipglossary +4 more
Code Analysis
Analyzed Mar 16, 2026

CM Tooltip Glossary Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
14 prepared
Unescaped Output
445
204 escaped
Nonce Checks
7
Capability Checks
9
File Operations
2
External Requests
6
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared14 total queries

Output Escaping

31% escaped649 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
cminds_system_info_content (package\cminds-free.php:2726)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

CM Tooltip Glossary Attack Surface

Entry Points14
Unprotected3

AJAX Handlers 5

authwp_ajax_cm-submit-uninstall-reasonpackage\cminds-free.php:147
authwp_ajax_cm-submit-registration-emailpackage\cminds-free.php:148
authwp_ajax_cm-submit-deregistrationpackage\cminds-free.php:149
authwp_ajax_cm-submit-registration-skippackage\cminds-free.php:150
authwp_ajax_cmtt_save_wizard_optionswizard\wizard.php:22

Shortcodes 9

[cm_tooltip_link_to_term] glossaryFree.php:310
[cm_tooltip_parse] glossaryFree.php:311
[cmtgend] glossaryFree.php:312
[glossary_tooltip] glossaryFree.php:317
[email] glossaryFree.php:1664
[cminds_free_registration] package\cminds-free.php:54
[cminds_free_guide] package\cminds-free.php:55
[cminds_upgrade_box] package\cminds-free.php:56
[cminds_free_activation] package\cminds-free.php:57
WordPress Hooks 172
actionamp_post_template_cssamp.php:9
filtercmtt_pre_item_description_contentamp.php:10
filteramp_content_sanitizersamp.php:11
filtercmtt_dom_str_replace_beforeamp.php:12
filtercmtt_pre_item_description_contentamp.php:13
filtercmtt_link_replaceamp.php:14
filtercmtt_all_letter_additional_attributesamp.php:16
filtercmtt_index_all_labelamp.php:17
filtercmtt_num_letter_additional_attributesamp.php:19
filtercmtt_index_num_labelamp.php:20
filtercmtt_letter_letter_additional_attributesamp.php:22
filtercmtt_index_letter_labelamp.php:26
filtercmtt_index_glossary_page_linkamp.php:28
filtercmtt_glossary_index_before_listnav_contentamp.php:30
actioncmtt_include_files_afterenhanced-tooltipglossary.php:79
actioncminds_cmtt_admin_tooltip_previewfunctions.php:359
actionplugins_loadedglossaryFree.php:34
actioninitglossaryFree.php:35
actioncmtt_flush_rewrite_rulesglossaryFree.php:36
actionadmin_menuglossaryFree.php:38
actionadmin_headglossaryFree.php:39
actionadmin_enqueue_scriptsglossaryFree.php:41
actionadmin_enqueue_scriptsglossaryFree.php:42
actionrestrict_manage_postsglossaryFree.php:44
actionadmin_noticesglossaryFree.php:46
actionadmin_noticesglossaryFree.php:47
actionadmin_noticesglossaryFree.php:48
actionadmin_noticesglossaryFree.php:49
actionadmin_print_footer_scriptsglossaryFree.php:50
actionadd_meta_boxesglossaryFree.php:51
filtermanage_edit-glossary_columnsglossaryFree.php:53
filtermanage_glossary_posts_custom_columnglossaryFree.php:54
actionquick_edit_custom_boxglossaryFree.php:63
actionsave_postglossaryFree.php:64
actionupdate_postglossaryFree.php:65
actionsave_postglossaryFree.php:69
actiondelete_postglossaryFree.php:70
filtercmtt_settings_tooltip_tab_content_afterglossaryFree.php:72
filterget_the_excerptglossaryFree.php:82
filterwp_trim_excerptglossaryFree.php:83
filterget_the_excerptglossaryFree.php:85
filterthe_excerptglossaryFree.php:93
filterget_the_excerptglossaryFree.php:103
filterwpseo_opengraph_descglossaryFree.php:104
filterthe_contentglossaryFree.php:108
filterthe_contentglossaryFree.php:116
filterthe_contentglossaryFree.php:117
filterthe_contentglossaryFree.php:118
actionfusion_pause_live_editor_filterglossaryFree.php:123
filterget_the_archive_descriptionglossaryFree.php:129
filtercategory_descriptionglossaryFree.php:137
filtercm_tooltip_parseglossaryFree.php:150
filterthe_titleglossaryFree.php:159
filterbp_blogs_record_comment_post_typesglossaryFree.php:164
filterbp_replace_the_contentglossaryFree.php:172
filtercmtt_is_tooltip_clickableglossaryFree.php:174
filtercmtt_term_tooltip_contentglossaryFree.php:179
filtercmtt_term_tooltip_contentglossaryFree.php:180
filtercmtt_term_tooltip_contentglossaryFree.php:181
filtercmtt_term_tooltip_contentglossaryFree.php:182
filtercmtt_tooltip_content_addglossaryFree.php:186
filtercmtt_tooltip_content_addglossaryFree.php:187
filtercmtt_tooltip_content_addglossaryFree.php:188
filtercmtt_tooltip_content_addglossaryFree.php:189
filtercmtt_tooltip_content_addglossaryFree.php:190
filtercmtt_tooltip_content_addglossaryFree.php:191
filtercmtt_parse_with_simple_functionglossaryFree.php:193
filteracf/load_valueglossaryFree.php:196
filterbbp_get_reply_contentglossaryFree.php:197
filtercmtt_tooltip_script_argsglossaryFree.php:200
filterwoocommerce_short_descriptionglossaryFree.php:205
filterwoocommerce_attributeglossaryFree.php:213
filterwoocommerce_attribute_labelglossaryFree.php:221
filterwidget_textglossaryFree.php:234
filtervc_shortcode_outputglossaryFree.php:248
filtergdlr_core_the_contentglossaryFree.php:261
filteressgrid_post_meta_contentglossaryFree.php:273
filterninja_tables_get_public_dataglossaryFree.php:286
actionct_builder_endglossaryFree.php:301
filtercomments_openglossaryFree.php:304
filterget_comments_numberglossaryFree.php:305
actionbp_before_create_groupglossaryFree.php:319
actionbp_before_group_admin_contentglossaryFree.php:320
actionbp_attachments_avatar_check_templateglossaryFree.php:328
actionbp_before_profile_avatar_upload_contentglossaryFree.php:336
actionbp_before_profile_edit_cover_imageglossaryFree.php:344
actionbp_after_create_groupglossaryFree.php:353
actionbp_after_group_admin_contentglossaryFree.php:354
actionbp_attachments_avatar_main_templateglossaryFree.php:362
actionbp_after_profile_avatar_upload_contentglossaryFree.php:370
actionbp_after_profile_edit_cover_imageglossaryFree.php:378
filtercmtt_dynamic_css_beforeglossaryFree.php:387
actionava_after_main_titleglossaryFree.php:389
filtercmtt_glossary_parse_postglossaryFree.php:390
filterthe_contentglossaryFree.php:392
filtercmtt_tooltip_script_dataglossaryFree.php:394
filtercmtt_glossary_content_beforeglossaryFree.php:396
filtercmtt_glossary_content_afterglossaryFree.php:397
filterthe_contentglossaryFree.php:399
filtercmtt_runParserglossaryFree.php:400
filtercmtt_parsed_contentglossaryFree.php:401
filtercmtt_get_all_glossary_items_singleglossaryFree.php:403
filtercmtt_glossary_index_listnav_content_insideglossaryFree.php:404
filterpost_type_linkglossaryFree.php:406
actiontemplate_redirectglossaryFree.php:407
filterthe_contentglossaryFree.php:409
actioncmtt_do_activateglossaryFree.php:411
filterfusion_component_fusion_tb_content_contentglossaryFree.php:1638
filterav_complete_contentglossaryFree.php:1766
filteravf_the_contentglossaryFree.php:1774
actionava_before_content_templatebuilder_pageglossaryFree.php:1782
actionava_after_content_templatebuilder_pageglossaryFree.php:1783
filteravf_sc_video_outputglossaryFree.php:1784
filtercmtt_glossary_parse_postglossaryFree.php:2048
filterviews_edit-glossaryglossaryFree.php:2237
filterthe_contentglossaryFree.php:2681
filterthe_contentglossaryFree.php:2728
filterthe_contentglossaryFree.php:2736
filtercmtt_glossary_index_item_additionsglossaryFree.php:2798
filtercmtt_highlight_first_onlyglossaryFree.php:2803
filtermce_external_pluginsglossaryFree.php:3553
filtermce_buttonsglossaryFree.php:3554
filterckeditor_external_pluginsglossaryFree.php:3556
filterckeditor_buttonsglossaryFree.php:3557
actionwp_enqueue_scriptsglossaryIndex.php:22
actioncmtt_glossary_shortcode_afterglossaryIndex.php:23
actioncmtt_glossary_index_query_beforeglossaryIndex.php:24
filtercmtt_glossary_index_tooltip_contentglossaryIndex.php:33
filtercmtt_glossary_index_tooltip_contentglossaryIndex.php:34
filtercmtt_glossary_index_tooltip_contentglossaryIndex.php:35
filtercmtt_glossary_index_tooltip_contentglossaryIndex.php:39
filtercmtt_glossary_index_remove_links_to_termsglossaryIndex.php:44
filtercmtt_glossary_index_disable_tooltipsglossaryIndex.php:45
filtercmtt_glossary_index_disable_tooltipsglossaryIndex.php:46
filtercmtt_glossary_index_paginationglossaryIndex.php:48
filtercmtt_glossary_index_listnav_contentglossaryIndex.php:50
filtercmtt_glossary_index_before_listnav_contentglossaryIndex.php:51
filtercmtt_index_term_tooltip_permalinkglossaryIndex.php:52
filtercmtt_glossary_index_after_contentglossaryIndex.php:54
filtercmtt_glossary_index_after_contentglossaryIndex.php:56
filtercmtt_glossary_index_after_contentglossaryIndex.php:58
filtercmtt_glossary_index_after_contentglossaryIndex.php:59
filtercmtt_glossary_index_shortcode_default_attsglossaryIndex.php:61
filtercmtt_glossary_index_attsglossaryIndex.php:66
filtercmtt_tooltip_script_dataglossaryIndex.php:68
filtercmtt_glossary_container_additional_classglossaryIndex.php:69
filtercmtt_pre_item_description_contentglossaryIndex.php:71
filtercmtt_postItemTitleContentglossaryIndex.php:72
filtercmtt_preItemTitleContentglossaryIndex.php:73
filtercmtt_glossaryItemTitleglossaryIndex.php:75
actionwp_footerglossaryIndex.php:118
actionwp_footerglossaryIndex.php:122
filtercmtt_glossary_index_after_contentglossaryIndex.php:722
actionactivated_pluginpackage\cminds-free.php:31
actionadmin_initpackage\cminds-free.php:33
actionadmin_menupackage\cminds-free.php:34
actionadmin_enqueue_scriptspackage\cminds-free.php:35
actionadmin_enqueue_scriptspackage\cminds-free.php:36
actioncminds_download_sysinfopackage\cminds-free.php:48
actioninitpackage\cminds-free.php:50
actioninitpackage\cminds-free.php:51
filterplugin_row_metapackage\cminds-free.php:59
actionwp_dashboard_setuppackage\cminds-free.php:62
actionadmin_footerpackage\cminds-free.php:157
filterwp_mail_content_typepackage\cminds-free.php:311
filterwp_mail_content_typepackage\cminds-free.php:2076
filterwp_mail_content_typepackage\cminds-free.php:2167
actioncmtt_add_submenu_pagessettings\CMTT_Settings.php:24
actionadmin_enqueue_scriptssettings\CMTT_Settings.php:25
actionadmin_menuwizard\wizard.php:20
actionactivated_pluginwizard\wizard.php:21
actionadmin_enqueue_scriptswizard\wizard.php:23
Maintenance & Trust

CM Tooltip Glossary Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 27, 2026
PHP min version5.2.4
Downloads638K

Community Trust

Rating86/100
Number of ratings156
Active installs8K
Alternatives

CM Tooltip Glossary Alternatives

Glossary

Glossary

glossary-by-codeat

A
99

Boost your SEO & UX with Codeat's Glossary: powerful auto-link engine; customizable tooltips, mobile settings, ChatGPT and much more!

2K 2 CVEs
Glossary Tooltip – Build a Smart Knowledge Base with Tooltips

Glossary Tooltip – Build a Smart Knowledge Base with Tooltips

glossary-tooltip

A
100

Create a powerful glossary knowledge base to boost SEO, increase engagement, improve conversions with automatic links and tooltips.

100 No CVEs
Encyclopedia / Glossary / Wiki

Encyclopedia / Glossary / Wiki

encyclopedia-lexicon-glossary-wiki-dictionary

A
91

Supercharged tool to build your own awesome Encyclopedia / Lexicon / Glossary / Wiki / Dictionary / Knowledge base / Directory / Vocabulary in no time

1K 1 CVE
iThoughts Tooltip Glossary

iThoughts Tooltip Glossary

ithoughts-tooltip-glossary

A
85

Create beautiful tooltips for descriptions or glossary terms, easily

20 No CVEs
Glossary Pages

Glossary Pages

glossary-pages

A
100

A customizable, multilingual-ready glossary plugin with A-Z navigation, category filters, and search. Lightweight, flexible, and SEO-friendly.

10 No CVEs
Developer Profile

CM Tooltip Glossary Developer Profile

CreativeMindsSolutions

19 plugins · 22K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
535 days
View full developer profile
Detection Fingerprints

How We Detect CM Tooltip Glossary

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/enhanced-tooltipglossary/assets/css/cmtt-tooltip.css/wp-content/plugins/enhanced-tooltipglossary/assets/css/cmtt.css/wp-content/plugins/enhanced-tooltipglossary/assets/js/jquery.cookie.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/cmtt.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/cmtt-admin.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/jquery.sticky-kit.min.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/cmtt-frontend.js
Script Paths
/wp-content/plugins/enhanced-tooltipglossary/assets/js/jquery.cookie.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/cmtt.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/cmtt-admin.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/jquery.sticky-kit.min.js/wp-content/plugins/enhanced-tooltipglossary/assets/js/cmtt-frontend.js
Version Parameters
enhanced-tooltipglossary/assets/css/cmtt-tooltip.css?ver=enhanced-tooltipglossary/assets/css/cmtt.css?ver=enhanced-tooltipglossary/assets/js/jquery.cookie.js?ver=enhanced-tooltipglossary/assets/js/cmtt.js?ver=enhanced-tooltipglossary/assets/js/cmtt-admin.js?ver=enhanced-tooltipglossary/assets/js/jquery.sticky-kit.min.js?ver=enhanced-tooltipglossary/assets/js/cmtt-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
cmtt-tooltipcmtt-tooltip-contentcmtt-tooltip-arrowcmtt-glossary-index
HTML Comments
<!-- BEGIN CMTOOLTIPGLOSSARY --><!-- END CMTOOLTIPGLOSSARY -->
Data Attributes
data-cmtt-iddata-cmtt-content
JS Globals
CMTT_settingscmtt_lang
Shortcode Output
[glossary_frontend_form][glossary_index]
FAQ

Frequently Asked Questions about CM Tooltip Glossary