Divine Astro Security & Risk Analysis

wordpress.org/plugins/horoscope-and-tarot

Divineapi.com is a leading API platform for services like Daily Horoscope, Tarot reading, Kundali, Panchang, Natal Chart, Fortune Cookie, Coffee Cup r …

100 active installs v1.3.2 PHP 7.0+ WP 5.5+ Updated Feb 5, 2025
Tags: daily-horoscope, daily-tarot, horoscope, tarot, yes-or-no-tarot
Security score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Divine Astro Safe to Use in 2026?

Generally Safe

Score 91/100

Divine Astro has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 6, 2025 · Updated 1yr ago
Risk Assessment

The horoscope-and-tarot plugin, version 1.3.2, exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and avoids file operations and cron events, several significant concerns warrant attention. The presence of two unprotected AJAX handlers significantly expands the attack surface, potentially allowing unauthorized actions. Furthermore, the static analysis reveals the use of dangerous functions like 'unserialize' and a low percentage of properly escaped outputs, indicating a higher risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function usage (unserialize)
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
  • No capability checks
  • Bundled outdated library (Select2)
  • Bundled outdated library (Guzzle)
Vulnerabilities: 1

Divine Astro Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11337 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Horoscope And Tarot <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 6, 2025 Patched in 1.3.1 (4d)
Code Analysis
Analyzed Mar 16, 2026

Divine Astro Code Analysis

Dangerous Functions: 27
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 762 (271 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 5
Bundled Libraries: 2

Dangerous Functions Found

Function | Code | Location
unserialize | <?php foreach(unserialize(TIMEZONES) as $zone): ?> | inc\settings\chinese_horoscope_settings.php:132
unserialize | <?php foreach(unserialize(TIMEZONES) as $zone): ?> | inc\settings\daily_panchang_settings.php:863
unserialize | <?php foreach(unserialize(TIMEZONES) as $zone): ?> | inc\settings\horoscope_settings.php:282
unserialize | <?php foreach(unserialize(TIMEZONES) as $zone): ?> | inc\settings\numerology_horoscope_settings.php:132
unserialize | $timezones = unserialize(TIMEZONES); // Retrieve timezones | inc\shortcodes\shortcodes.php:65
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:549
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:653
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:714
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:774
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:1722
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:1895
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:2128
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:2372
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:2482
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:2803
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:2970
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:3121
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:3269
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:3422
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:3573
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:3726
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:3879
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:4031
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:4183
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:4334
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:4489
unserialize | $timezones = unserialize(TIMEZONES); | inc\shortcodes\shortcodes.php:4647

Bundled Libraries

Select2, Guzzle

Output Escaping

26% escaped · 1033 total outputs
Attack Surface: 2 unprotected

Divine Astro Attack Surface

Entry Points: 53
Unprotected: 2

AJAX Handlers 2

Access | Hook | Location
nopriv | wp_ajax_dapi_admin_ajax_req | horoscope-and-tarot.php:290
auth | wp_ajax_dapi_admin_ajax_req | horoscope-and-tarot.php:291

Shortcodes 51

[wp_divine_shortcode] inc\shortcodes\shortcodes.php:52
[divine_horoscope] inc\shortcodes\shortcodes.php:156
[divine_daily_tarot] inc\shortcodes\shortcodes.php:257
[divine_yes_no_tarot] inc\shortcodes\shortcodes.php:332
[divine_fortune_cookie] inc\shortcodes\shortcodes.php:397
[divine_coffee_cup] inc\shortcodes\shortcodes.php:535
[divine_custom_daily_horoscope] inc\shortcodes\shortcodes.php:639
[divine_custom_weekly_horoscope] inc\shortcodes\shortcodes.php:700
[divine_custom_monthly_horoscope] inc\shortcodes\shortcodes.php:761
[divine_custom_yearly_horoscope] inc\shortcodes\shortcodes.php:821
[divine_love_compatibility] inc\shortcodes\shortcodes.php:1528
[divine_angel_reading] inc\shortcodes\shortcodes.php:1612
[divine_career_daily_reading] inc\shortcodes\shortcodes.php:1613
[divine_dream_come_true_reading] inc\shortcodes\shortcodes.php:1614
[divine_egyptian_prediction] inc\shortcodes\shortcodes.php:1615
[divine_erotic_love_reading] inc\shortcodes\shortcodes.php:1616
[divine_ex_flame_reading] inc\shortcodes\shortcodes.php:1617
[divine_flirt_love_reading] inc\shortcodes\shortcodes.php:1618
[divine_know_your_friend_reading] inc\shortcodes\shortcodes.php:1619
[divine_in_depth_love_reading] inc\shortcodes\shortcodes.php:1620
[divine_made_for_each_other_or_not] inc\shortcodes\shortcodes.php:1621
[divine_past_lives_connection_reading] inc\shortcodes\shortcodes.php:1622
[divine_power_life_reading] inc\shortcodes\shortcodes.php:1623
[divine_heartbreak_reading] inc\shortcodes\shortcodes.php:1712
[divine_magic_reading] inc\shortcodes\shortcodes.php:1713
[divine_wisdom_reading] inc\shortcodes\shortcodes.php:1714
[divine_chinese_horoscope] inc\shortcodes\shortcodes.php:1888
[divine_chinese_horoscope_v2] inc\shortcodes\shortcodes.php:2120
[divine_numerology_horoscope] inc\shortcodes\shortcodes.php:2273
[divine_past_present_future_reading] inc\shortcodes\shortcodes.php:2363
[divine_love_triangle_reading] inc\shortcodes\shortcodes.php:2364
[divine_which_animal_are_you_reading] inc\shortcodes\shortcodes.php:2471
[divine_daily_panchang] inc\shortcodes\shortcodes.php:2785
[divine_festivals] inc\shortcodes\shortcodes.php:2959
[divine_daily_panchang_sunrise_moonrise] inc\shortcodes\shortcodes.php:3110
[divine_daily_panchang_only] inc\shortcodes\shortcodes.php:3259
[divine_daily_panchang_month_samvat] inc\shortcodes\shortcodes.php:3412
[divine_daily_panchang_rashi_nakshatra] inc\shortcodes\shortcodes.php:3562
[divine_daily_panchang_ritu_ayana] inc\shortcodes\shortcodes.php:3715
[divine_daily_auspicious_panchang] inc\shortcodes\shortcodes.php:3868
[divine_daily_panchang_inauspicious] inc\shortcodes\shortcodes.php:4020
[divine_daily_panchang_nivas_shool] inc\shortcodes\shortcodes.php:4172
[divine_daily_panchang_other_calendars_epoch] inc\shortcodes\shortcodes.php:4323
[divine_daily_panchang_chandrabalam_tarabalam] inc\shortcodes\shortcodes.php:4478
[divine_daily_panchang_panchaka_rahita_muhurta_udaya_lagna] inc\shortcodes\shortcodes.php:4636
[divine_choghadiya] inc\shortcodes\shortcodes.php:4813
[divine_kundali] inc\shortcodes\shortcodes.php:5603
[divine_kundali_matching] inc\shortcodes\shortcodes.php:5623
[divine_natal] inc\shortcodes\shortcodes.php:5662
[divine_natal_transit] inc\shortcodes\shortcodes.php:5702
[divine_natal_synastry] inc\shortcodes\shortcodes.php:5742
WordPress Hooks 36
Type | Hook | Location
action | admin_enqueue_scripts | admin\dhat-admin.php:22
action | upgrader_process_complete | horoscope-and-tarot.php:252
action | admin_init | inc\settings\career_daily_reading_settings.php:97
action | admin_init | inc\settings\chinese_horoscope_settings.php:97
action | admin_init | inc\settings\choghadiya_settings.php:225
action | admin_init | inc\settings\coffee_cup_settings.php:80
action | admin_init | inc\settings\daily_panchang_settings.php:852
action | admin_init | inc\settings\daily_tarot_settings.php:97
action | admin_init | inc\settings\divine_angel_reading_settings.php:97
action | admin_init | inc\settings\divine_magic_reading_settings.php:97
action | admin_init | inc\settings\dream_come_true_reading_settings.php:97
action | admin_init | inc\settings\egyptian_prediction_settings.php:97
action | admin_init | inc\settings\erotic_love_reading_settings.php:97
action | admin_init | inc\settings\ex_flame_reading_settings.php:97
action | admin_init | inc\settings\flirt_love_reading_settings.php:97
action | admin_init | inc\settings\fortune_cookie_settings.php:80
action | admin_init | inc\settings\heartbreak_reading_settings.php:98
action | admin_init | inc\settings\horoscope_settings.php:225
action | admin_init | inc\settings\in_depth_love_reading_settings.php:97
action | admin_init | inc\settings\know_your_friend_reading_settings.php:97
action | admin_init | inc\settings\kundali_matching_settings.php:31
action | admin_init | inc\settings\kundali_settings.php:31
action | admin_init | inc\settings\love_compatibility_settings.php:148
action | admin_init | inc\settings\love_triangle_reading_settings.php:97
action | admin_init | inc\settings\made_for_each_other_reading_settings.php:97
action | admin_init | inc\settings\numerology_horoscope_settings.php:97
action | admin_init | inc\settings\past_lives_connection_settings.php:91
action | admin_init | inc\settings\past_present_future_reading_settings.php:98
action | admin_init | inc\settings\power_life_reading_settings.php:97
action | admin_menu | inc\settings\settings.php:20
action | admin_init | inc\settings\settings.php:900
action | admin_init | inc\settings\which_animal_are_you_reading_settings.php:82
action | admin_init | inc\settings\wisdom_reading_settings.php:97
action | admin_init | inc\settings\yes_no_tarot_settings.php:97
action | wp_enqueue_scripts | inc\shortcodes\shortcodes.php:2791
action | wp_enqueue_scripts | public\dhat-public.php:14
Maintenance & Trust

Divine Astro Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 5, 2025
PHP min version: 7.0
Downloads: 9K

Community Trust

Rating: 92/100
Number of ratings: 11
Active installs: 100
Developer Profile

Divine Astro Developer Profile

Divine API

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 91/100
Avg Patch Time: 4 days
Detection Fingerprints

How We Detect Divine Astro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/horoscope-and-tarot/public/css/style.css
/wp-content/plugins/horoscope-and-tarot/public/js/script.js
/wp-content/plugins/horoscope-and-tarot/admin/css/dhat-admin.css
/wp-content/plugins/horoscope-and-tarot/admin/js/dhat-admin.js
/wp-content/plugins/horoscope-and-tarot/inc/settings/css/settings.css
/wp-content/plugins/horoscope-and-tarot/inc/settings/js/settings.js
/wp-content/plugins/horoscope-and-tarot/inc/shortcodes/css/shortcodes.css
/wp-content/plugins/horoscope-and-tarot/inc/shortcodes/js/shortcodes.js
Script Paths
/wp-content/plugins/horoscope-and-tarot/public/js/script.js
/wp-content/plugins/horoscope-and-tarot/admin/js/dhat-admin.js
/wp-content/plugins/horoscope-and-tarot/inc/settings/js/settings.js
/wp-content/plugins/horoscope-and-tarot/inc/shortcodes/js/shortcodes.js
Version Parameters
horoscope-and-tarot/public/css/style.css?ver=
horoscope-and-tarot/public/js/script.js?ver=
horoscope-and-tarot/admin/css/dhat-admin.css?ver=
horoscope-and-tarot/admin/js/dhat-admin.js?ver=
horoscope-and-tarot/inc/settings/css/settings.css?ver=
horoscope-and-tarot/inc/settings/js/settings.js?ver=
horoscope-and-tarot/inc/shortcodes/css/shortcodes.css?ver=
horoscope-and-tarot/inc/shortcodes/js/shortcodes.js?ver=

HTML / DOM Fingerprints

CSS Classes
dhat-admin-wrap, dhat-settings-form, dhat-shortcode-container
HTML Comments
Include admin.php, Include public.php, Include Settings Page, Include Shortcodes (+1 more)
Data Attributes
data-plugin-path, data-plugin-url
JS Globals
dhat_plugin_path, dhat_plugin_url
Shortcode Output
[horoscope], [daily_horoscope], [monthly_horoscope], [yearly_horoscope]