iThoughts Tooltip Glossary Security & Risk Analysis

wordpress.org/plugins/ithoughts-tooltip-glossary

Create beautiful tooltips for descriptions or glossary terms, easily

20 active installs · v3.0.3 · PHP + WP 3.3+ · Updated May 15, 2018
Tags: appendix, dictionary, glossary, technical-terms, tooltip
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is iThoughts Tooltip Glossary Safe to Use in 2026?

Generally Safe

Score 85/100

iThoughts Tooltip Glossary has no known CVEs. It has not been updated since May 2018, however, and was last tested against WordPress 4.9.29, so it should be treated as unmaintained: nothing the static analysis below turns up is likely to be fixed upstream. With that caveat it remains a reasonable choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The ithoughts-tooltip-glossary plugin at v3.0.3 shows a mixed security posture. On the positive side, both of its SQL queries use prepared statements, the scanner found no calls to functions it classes as dangerous, none of the three taint flows it traced is rated critical or high, and the plugin has no recorded vulnerability history.

Several areas raise concerns. The plugin registers 14 AJAX handlers for 11 distinct actions; three of those actions (test_autolink, get_terms_list and get_term_details) are also registered with wp_ajax_nopriv_ and are therefore reachable without logging in. The scanner flags 7 of the 14 registrations as unprotected, meaning it found no nonce or capability check guarding them, and only 7 nonce checks and 5 capability checks exist in the whole plugin. A plain wp_ajax_ registration only requires a logged-in session of any role, so a handler that updates options or saves themes needs a capability check as well as a nonce. Static analysis further shows that only 53% of output statements (46 of 87) pass through an escaping function; each of the 41 unescaped statements needs a manual look to separate constant strings from user-controlled data that would be a cross-site scripting (XSS) sink.

The clean vulnerability history should be weighed against the plugin not having been updated since May 2018: any problem found now is unlikely to receive a vendor patch. The unprotected AJAX endpoints and incomplete output escaping are structural weaknesses rather than confirmed exploits, but together with the number of entry points they warrant attention. A cautious approach is recommended: review the unprotected handlers for missing nonce and capability checks and the unescaped output statements for user-controlled data before relying on the plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Large attack surface without clear auth
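
As an added example (not code from the iThoughts Tooltip Glossary plugin, whose handlers are listed under Attack Surface below), the following PHP shows the three things the counters on this page measure for one admin-ajax handler: how wp_ajax_ versus wp_ajax_nopriv_ registration decides who can reach it, what a handler without a nonce or capability check looks like, and the hardened form with input sanitized on the way in and output escaped on the way out. All itg_demo_* hook, option and function names and the nonce action are hypothetical.

```php
<?php
// Added example, not code from the ithoughts-tooltip-glossary plugin.
// All itg_demo_* names, the option name and the nonce action are hypothetical.

// 1. Registration decides reachability. wp_ajax_{action} fires for any logged-in
//    user (Subscriber included); wp_ajax_nopriv_{action} fires for anonymous
//    visitors. Registering both on one callback makes it reachable with a bare
//    POST to /wp-admin/admin-ajax.php?action=itg_demo_save_label from anyone.
add_action( 'wp_ajax_itg_demo_save_label',        'itg_demo_save_label_unprotected' );
add_action( 'wp_ajax_nopriv_itg_demo_save_label', 'itg_demo_save_label_unprotected' );

// 2. An unprotected handler: no nonce (CSRF), no capability check (any session,
//    or none, may write the option), and the input is echoed back unescaped.
function itg_demo_save_label_unprotected() {
    $label = isset( $_POST['label'] ) ? wp_unslash( $_POST['label'] ) : '';
    update_option( 'itg_demo_label', $label );
    echo '<span class="itg-demo-label">' . $label . '</span>'; // unescaped output sink
    wp_die();
}

// 3. Hardened handler: logged-in only, nonce verified, capability enforced,
//    input sanitized for storage and escaped for the context it is returned in.
add_action( 'wp_ajax_itg_demo_save_label_safe', 'itg_demo_save_label_safe' );

function itg_demo_save_label_safe() {
    // Nonce: the request must carry a token this site issued for this action.
    // check_ajax_referer() terminates the request with "-1" when it does not.
    check_ajax_referer( 'itg_demo_label_nonce', 'nonce' );

    // Capability: being logged in is authentication, not authorisation. Require
    // manage_options, which the Subscriber, Contributor and Author roles lack.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // Sanitize for storage: strips tags, invalid UTF-8 and line breaks.
    $label = isset( $_POST['label'] ) ? sanitize_text_field( wp_unslash( $_POST['label'] ) ) : '';
    update_option( 'itg_demo_label', $label );

    // Escape for the HTML context the client will insert it into. wp_send_json_*
    // JSON-encodes the payload and calls wp_die() itself.
    wp_send_json_success( array( 'label' => esc_html( $label ) ) );
}

// 4. The client needs the nonce the server minted. wp_localize_script() exposes
//    it as itgDemo.nonce; the script posts it back as the "nonce" field.
function itg_demo_enqueue_admin_script() {
    wp_enqueue_script( 'itg-demo-admin', plugins_url( 'js/admin.js', __FILE__ ), array( 'jquery' ), '1.0.0', true );
    wp_localize_script( 'itg-demo-admin', 'itgDemo', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'itg_demo_label_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'itg_demo_enqueue_admin_script' );
```

When triaging the handler list below, ask for each wp_ajax_nopriv_ registration what an anonymous visitor can do with it, and for each wp_ajax_ registration without current_user_can() what a Subscriber account can do with it. A nonce on its own is CSRF protection, not authorisation: it is minted for whoever is logged in, so it does not stop a low-privileged user from calling the handler directly.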
Vulnerabilities
None known

iThoughts Tooltip Glossary Security Vulnerabilities

No known vulnerabilities. With 20 active installs, a clean CVE history says as much about how little the plugin has been examined as about its code; weigh it together with the Code Analysis findings below.
Code Analysis
Analyzed Mar 16, 2026

iThoughts Tooltip Glossary Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
41
46 escaped
Nonce Checks
7
Capability Checks
5
File Operations
20
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

53% escaped · 87 total outputs (46 escaped, 41 unescaped)
Data Flows
3 unsanitized

Data Flow Analysis

3 flows, 3 with unsanitized paths
theme_editor (class\class-admin.php:1370)
Attack Surface
7 unprotected

iThoughts Tooltip Glossary Attack Surface

Entry Points: 22 (14 AJAX handlers + 8 shortcodes)
Unprotected: 7

AJAX Handlers: 14 (type · hook · registered at)

Type "auth" means the hook is registered as wp_ajax_{action}, which runs for any logged-in user of any role; "nopriv" means wp_ajax_nopriv_{action}, which runs for unauthenticated visitors. Three actions are registered both ways.

auth    wp_ajax_ithoughts_tt_gl_get_tinymce_tooltip_form    class\class-admin.php:129
auth    wp_ajax_ithoughts_tt_gl_get_tinymce_list_form       class\class-admin.php:130
auth    wp_ajax_ithoughts_tt_gl_update_options              class\class-admin.php:131
auth    wp_ajax_ithoughts_tt_gl_theme_save                  class\class-admin.php:133
auth    wp_ajax_ithoughts_tt_gl_theme_preview               class\class-admin.php:134
auth    wp_ajax_ithoughts_tt_gl_test_autolink               class\class-autolink.php:30
nopriv  wp_ajax_ithoughts_tt_gl_test_autolink               class\class-autolink.php:31
auth    wp_ajax_ithoughts_tt_gl_get_terms_list              class\class-backbone.php:348
nopriv  wp_ajax_ithoughts_tt_gl_get_terms_list              class\class-backbone.php:349
auth    wp_ajax_ithoughts_tt_gl_get_term_details            class\class-backbone.php:351
nopriv  wp_ajax_ithoughts_tt_gl_get_term_details            class\class-backbone.php:352
auth    wp_ajax_ithoughts_tt_gl_update                      class\class-updater.php:33
auth    wp_ajax_ithoughts_tt_gl_update_done                 class\class-updater.php:34
auth    wp_ajax_ithoughts_tt_gl_update-dismiss              class\class-updater.php:35

Shortcodes 8

[glossary_atoz] class\shortcode\class-atoz.php:29
[itg-glossary] class\shortcode\class-glossary.php:31
[glossary] class\shortcode\class-glossary.php:32
[itg-mediatip] class\shortcode\class-mediatip.php:31
[mediatip] class\shortcode\class-mediatip.php:32
[glossary_term_list] class\shortcode\class-termlist.php:39
[itg-tooltip] class\shortcode\class-tooltip.php:31
[tooltip] class\shortcode\class-tooltip.php:32
WordPress Hooks: 50 (type · hook · registered at)

action  admin_init                                   class\class-admin.php:52
action  admin_init                                   class\class-admin.php:53
action  admin_menu                                   class\class-admin.php:55
filter  mce_buttons                                  class\class-admin.php:57
filter  mce_external_plugins                         class\class-admin.php:59
filter  mce_external_languages                       class\class-admin.php:61
action  admin_init                                   class\class-admin.php:63
action  admin_enqueue_scripts                        class\class-admin.php:65
action  admin_notices                                class\class-admin.php:105
action  init                                         class\class-autolink.php:26
action  init                                         class\class-backbone.php:248
action  init                                         class\class-backbone.php:249
action  wp_footer                                    class\class-backbone.php:250
action  admin_footer                                 class\class-backbone.php:251
action  wp_print_footer_scripts                      class\class-backbone.php:252
action  admin_print_footer_scripts                   class\class-backbone.php:253
action  wp_enqueue_scripts                           class\class-backbone.php:254
action  admin_enqueue_scripts                        class\class-backbone.php:255
action  pre_get_posts                                class\class-backbone.php:256
filter  ithoughts_tt_gl_term_link                    class\class-backbone.php:258
filter  ithoughts_tt_gl_get_overriden_opts           class\class-backbone.php:259
action  plugins_loaded                               class\class-backbone.php:261
action  widgets_init                                 class\class-backbone.php:389
filter  ithoughts_tt_gl-term-excerpt                 class\class-filters.php:29
filter  ithoughts-split-args                         class\class-filters.php:30
filter  ithoughts-join-args                          class\class-filters.php:31
filter  ithoughts_tt_gl-split-args                   class\class-filters.php:32
filter  ithoughts_tt_gl_tooltip_anim_out             class\class-filters.php:34
filter  ithoughts_tt_gl_tooltip_anim_in              class\class-filters.php:35
filter  ithoughts_tt_gl_wpml_get_term_current_language  class\class-filters.php:36
action  init                                         class\class-posttypes.php:22
filter  manage_glossary_posts_columns                class\class-posttypes.php:86
action  manage_glossary_posts_custom_column          class\class-posttypes.php:87
action  save_post                                    class\class-posttypes.php:89
filter  the_content                                  class\class-posttypes.php:90
action  init                                         class\class-taxonomies.php:22
action  admin_notices                                class\class-updater.php:84
action  save_post                                    class\shortcode\class-glossary.php:35
action  wp_insert_post_data                          class\shortcode\class-glossary.php:36
action  edit_post                                    class\shortcode\class-glossary.php:37
action  get_header                                   class\shortcode\class-glossary.php:38
action  wp_footer                                    class\shortcode\class-glossary.php:39
filter  ithoughts_tt_gl_get_glossary_term_element    class\shortcode\class-glossary.php:41
filter  ithoughts_tt_gl-term-content                 class\shortcode\class-glossary.php:42
action  wp_insert_post_data                          class\shortcode\class-mediatip.php:35
action  edit_post                                    class\shortcode\class-mediatip.php:36
action  wp_insert_post_data                          class\shortcode\class-tooltip.php:35
action  edit_post                                    class\shortcode\class-tooltip.php:36
filter  ithoughts-tt-gl_tooltip                      class\shortcode\class-tooltip.php:38
action  init                                         submodules\iThoughts-WordPress-Plugin-Toolbox\class\class-backbone.php:149
Maintenance & Trust

iThoughts Tooltip Glossary Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: May 15, 2018
PHP min version: not listed
Downloads: 11K

Community Trust

Rating: 90/100
Number of ratings: 13
Active installs: 20
Developer Profile

iThoughts Tooltip Glossary Developer Profile

Gerkin

3 plugins · 40 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect iThoughts Tooltip Glossary

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-admin.js
/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-tinymce-forms.js
/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-updater.js
/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-floater.js
/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-styleeditor.js
/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-editor.js
/wp-content/plugins/ithoughts-tooltip-glossary/css/ithoughts_tt_gl-tinymce-forms.min.css
/wp-content/plugins/ithoughts-tooltip-glossary/css/ithoughts_tt_gl-admin.min.css

HTML / DOM Fingerprints

CSS Classes
ithoughts_tt_gl-editor-container
ithoughts_tt_gl-tooltip-preview
ithoughts_tt_gl-style-editor-wrapper
HTML Comments
<!-- ithoughts-tooltip-glossary -->
Data Attributes
data-iThoughtsTooltipGlossary
data-ithoughts-tt-gl-admin-ajax
data-ithoughts-tt-gl-base-tinymce
data-ithoughts-tt-gl-verbosity
data-ithoughts-tt-gl-nonce
JS Globals
iThoughtsTooltipGlossaryEditor
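
As an added example (not part of the scanner this page describes), the PHP below matches the fingerprints listed above against one fetched HTML document and reports which ones hit, grouped by kind, with a confidence rating and a version hint taken from the ?ver= query string WordPress appends to enqueued assets. The sample HTML is constructed for the example; fetching the page is left to the caller. The confidence rule, the itg_* function names and the assumption that the plugin versions its assets are mine, not the page's.

```php
<?php
// Added example, not part of the page's tooling. Matches the fingerprints listed
// on this page against an HTML document. Sample input below is constructed.

const ITG_SLUG = 'ithoughts-tooltip-glossary';

// Fingerprints from this page, grouped by the kind of evidence they give.
const ITG_FINGERPRINTS = array(
    'asset_path' => array(
        '/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-admin.js',
        '/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-tinymce-forms.js',
        '/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-updater.js',
        '/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-floater.js',
        '/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-styleeditor.js',
        '/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-editor.js',
        '/wp-content/plugins/ithoughts-tooltip-glossary/css/ithoughts_tt_gl-tinymce-forms.min.css',
        '/wp-content/plugins/ithoughts-tooltip-glossary/css/ithoughts_tt_gl-admin.min.css',
    ),
    'html_comment' => array( '<!-- ithoughts-tooltip-glossary -->' ),
    'css_class'    => array(
        'ithoughts_tt_gl-editor-container',
        'ithoughts_tt_gl-tooltip-preview',
        'ithoughts_tt_gl-style-editor-wrapper',
    ),
    'data_attr'    => array(
        'data-iThoughtsTooltipGlossary',
        'data-ithoughts-tt-gl-admin-ajax',
        'data-ithoughts-tt-gl-base-tinymce',
        'data-ithoughts-tt-gl-verbosity',
        'data-ithoughts-tt-gl-nonce',
    ),
    'js_global'    => array( 'iThoughtsTooltipGlossaryEditor' ),
);

/**
 * Return every fingerprint found in $html keyed by kind, plus a 'version' key
 * when a plugin asset carries a ?ver= query string. That value is whatever the
 * plugin passed to wp_enqueue_script()/wp_enqueue_style(), so it is a hint, not
 * proof (assumption: the plugin versions its assets with its own version).
 */
function itg_detect( $html ) {
    $hits = array();
    foreach ( ITG_FINGERPRINTS as $kind => $patterns ) {
        foreach ( $patterns as $pattern ) {
            // Case-insensitive: attribute names are case-insensitive in HTML.
            if ( stripos( $html, $pattern ) !== false ) {
                $hits[ $kind ][] = $pattern;
            }
        }
    }
    $re = '#/wp-content/plugins/' . preg_quote( ITG_SLUG, '#' ) . '/[^"\'\s>]*\?ver=([0-9][0-9A-Za-z.\-]*)#i';
    if ( preg_match( $re, $html, $m ) ) {
        $hits['version'] = $m[1];
    }
    return $hits;
}

// Heuristic (mine): a served asset path or the HTML comment identifies the
// plugin on its own; a CSS class, data attribute or JS global alone could be
// copied markup from a theme or another plugin.
function itg_confidence( array $hits ) {
    if ( ! empty( $hits['asset_path'] ) || ! empty( $hits['html_comment'] ) ) {
        return 'high';
    }
    if ( ! empty( $hits['css_class'] ) || ! empty( $hits['data_attr'] ) || ! empty( $hits['js_global'] ) ) {
        return 'low';
    }
    return 'none';
}

// Constructed sample page, not captured from a real site.
$sample = <<<'HTML'
<html><head>
<link rel="stylesheet" href="https://example.test/wp-content/plugins/ithoughts-tooltip-glossary/css/ithoughts_tt_gl-admin.min.css?ver=3.0.3">
<script src="https://example.test/wp-content/plugins/ithoughts-tooltip-glossary/js/dist/ithoughts_tt_gl-floater.js?ver=3.0.3"></script>
</head><body>
<!-- ithoughts-tooltip-glossary -->
<div class="ithoughts_tt_gl-tooltip-preview" data-ithoughts-tt-gl-verbosity="1"></div>
</body></html>
HTML;

$hits = itg_detect( $sample );
printf( "%s detected (%s confidence), version hint: %s\n",
    ITG_SLUG, itg_confidence( $hits ), isset( $hits['version'] ) ? $hits['version'] : 'unknown' );
foreach ( $hits as $kind => $found ) {
    if ( 'version' !== $kind ) {
        printf( "  %-13s %s\n", $kind, implode( ', ', $found ) );
    }
}
```

Text matching on one HTML response is the cheapest check but only sees pages on which the plugin emits markup. The asset paths above can also be probed directly (request the path and check for a 200), which works on any page of the site, and the plugin's readme.txt, when it is readable under the plugin directory, carries the installed version in its Stable tag line.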
FAQ

Frequently Asked Questions about iThoughts Tooltip Glossary