Does Hippoo Ticket have any unpatched vulnerabilities?

No. All known vulnerabilities in Hippoo Ticket have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hippoo Ticket compatible with WordPress 6.7.5?

According to WordPress.org data, Hippoo Ticket 1.0.9 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Hippoo Ticket updated?

Hippoo Ticket was last updated on Apr 13, 2025. Frequent updates are generally a positive security signal.

What is Hippoo Ticket's security score?

Hippoo Ticket has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hippoo Ticket Security & Risk Analysis

wordpress.org/plugins/hippoo-ticket

Hippoo-Ticket: A Free WooCommerce Plugin for Seamless Customer Support

10 active installs v1.0.9 PHP + WP 5.3+ Updated Apr 13, 2025

customer-supporthippoohippoo-ticketsupport-ticketticket

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Hippoo Ticket Safe to Use in 2026?

Generally Safe

Score 100/100

Hippoo Ticket has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The "hippoo-ticket" v1.0.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and shows a high degree of output escaping, indicating a conscious effort to prevent common vulnerabilities. The absence of any known CVEs or past vulnerabilities is also a strong positive indicator. However, the plugin presents significant concerns related to its attack surface. A substantial portion of its entry points, specifically 7 out of 8, are unprotected and lack proper permission callbacks. This is further exacerbated by the taint analysis, which identified two flows with unsanitized paths flagged with high severity. While these are not classified as critical, the combination of a large, unprotected attack surface and high-severity taint flows points to a notable risk of unauthorized access or data manipulation, particularly if these unsanitized paths can be triggered by unauthenticated users.

Key Concerns

Unprotected REST API routes
Taint flows with unsanitized paths (high severity)
Unprotected AJAX handlers (if any exist without auth checks)
File operations present
External HTTP requests present

Vulnerabilities

None known

Hippoo Ticket Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Hippoo Ticket Code Analysis

Dangerous Functions

Raw SQL Queries

36 prepared

Unescaped Output

87 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared36 total queries

Output Escaping

98% escaped89 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

<config> (app\config.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

Hippoo Ticket Attack Surface

Entry Points8

Unprotected7

REST API Routes 7

GET/wp-json/wc-hippoo/v1wp/ticketsapp\web_api_auth.php:13

GET/wp-json/wc-hippoo/v1wp/ticketsapp\web_api_auth.php:27

GET/wp-json/wc-hippoo/v1wp/tickets/(?P<id>\d+)app\web_api_auth.php:46

GET/wp-json/wc-hippoo/v1wp/tickets/order/(?P<id>\d+)app\web_api_auth.php:55

GET/wp-json/wc-hippoo/v1wp/tickets/(?P<id>\d+)/deleteapp\web_api_auth.php:64

GET/wp-json/wc-hippoo/v1wp/tickets/(?P<id>\d+)/statusapp\web_api_auth.php:73

GET/wp-json/wc-hippoo/v1wp/tickets/countapp\web_api_auth.php:82

Shortcodes 1

[hippoo_ticket] shortcode\ticket.php:5

WordPress Hooks 22

filterwoocommerce_account_orders_columnsapp\hooks.php:15

actionwoocommerce_my_account_my_orders_column_ticketapp\hooks.php:38

actionwoocommerce_my_account_my_orders_column_ticket_statusapp\hooks.php:58

filtermanage_hippoo_ticket_posts_columnsapp\hooks.php:73

actionmanage_hippoo_ticket_posts_custom_columnapp\hooks.php:91

actioninitapp\hooks.php:166

actionadmin_footer-post.phpapp\hooks.php:212

filterpost_row_actionsapp\hooks.php:227

filterbulk_actions-edit-hippoo_ticketapp\hooks.php:235

filterhandle_bulk_actions-edit-hippoo_ticketapp\hooks.php:250

actionafter_delete_postapp\hooks.php:262

filterthe_authorapp\hooks.php:281

actionrest_api_initapp\web_api.php:4

actionadmin_menuhippoo-ticket.php:128

actionafter_setup_themehippoo-ticket.php:138

actionadmin_enqueue_scriptshippoo-ticket.php:150

actionwp_enqueue_scriptshippoo-ticket.php:157

actionadd_meta_boxeshippoo-ticket.php:167

actioninithippoo-ticket.php:175

actionsave_post_hippoo_ticketmetabox\ticket_box.php:11

actionsave_post_hippoo_ticketmetabox\ticket_box.php:35

actioninitshortcode\ticket.php:4

Maintenance & Trust

Hippoo Ticket Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedApr 13, 2025

PHP min version

Downloads851

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Hippoo Ticket Alternatives

Fluent Support – Helpdesk & Customer Support Ticket System

fluent-support

Feature Rich and Super Fast Support and Customer Ticketing System for WordPress.

10K 7 CVEs

Support Genix – Helpdesk, AI Chatbot, Knowledge Base & Customer Support Ticketing System

support-genix-lite

Manage customer support with a powerful helpdesk & support ticket system — track customer tickets, resolve, and streamline your support workflow.

1K 3 CVEs

Customer Support Ticket System & Helpdesk Plugin for WordPress

wp-ticket

Create a support ticket system in WordPress. Manage customer inquiries, agents, priorities, and more with this flexible helpdesk plugin.

500 7 CVEs

Guest Support

guest-support

Complete WordPress support ticket system. No login needed for users or agents. Includes spam protection, file uploads, and secure replies.

40 2 CVEs

NexlifyDesk

nexlifydesk

100

Enterprise-grade WordPress helpdesk solution with intelligent ticket management, email piping, agent workflows, and WooCommerce integration.

0 No CVEs

Developer Profile

Hippoo Ticket Developer Profile

hippooo

5 plugins · 1K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Hippoo Ticket

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hippoo-ticket/assets/css/admin-style.css/wp-content/plugins/hippoo-ticket/assets/css/style.css/wp-content/plugins/hippoo-ticket/assets/js/admin-script.js/wp-content/plugins/hippoo-ticket/assets/js/script.js

Script Paths

admin-style.cssstyle.cssadmin-script.jsscript.js

Version Parameters

hippoo-ticket/assets/css/admin-style.css?ver=hippoo-ticket/assets/css/style.css?ver=hippoo-ticket/assets/js/admin-script.js?ver=hippoo-ticket/assets/js/script.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-iddata-user_iddata-product_id

JS Globals

hippoo_ticket_ajax_object

REST Endpoints

/wc-hippoo/v1/wp/tickets

Shortcode Output

[hippoo_ticket]

FAQ