WP-Safety

Live News – Responsive News Ticker Security & Risk Analysis

wordpress.org/plugins/live-news-lite

Generate a news ticker to communicate the latest updates, including financial news, weather warnings, election results, sports scores, and more.

3K active installs v1.10 PHP 7.2+ WP 5.0+ Updated May 11, 2025
breaking-newslivenewsnews-tickerticker
100
A · Safe
CVEs total1
Unpatched0
Last CVESep 4, 2023
Download
Safety Verdict

Is Live News – Responsive News Ticker Safe to Use in 2026?

Generally Safe

Score 100/100

Live News – Responsive News Ticker has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 4, 2023Updated 10mo ago
Risk Assessment

The live-news-lite plugin version 1.10 exhibits a generally strong security posture, with robust adherence to best practices in several key areas. The absence of unprotected entry points across AJAX handlers and REST API routes, coupled with a high percentage of properly escaped output and the use of prepared statements for most SQL queries, are significant strengths. Furthermore, the presence of nonce and capability checks, along with the lack of file operations or external HTTP requests, further bolsters its defense.

However, the analysis does reveal some potential areas of concern. The taint analysis identified two flows with unsanitized paths, which could represent a risk if these paths are user-controlled or lead to sensitive operations, even though they were not classified as critical or high severity. While the plugin has a history of only one medium-severity CVE, which is currently patched, the fact that a CSRF vulnerability was present previously warrants attention. This indicates a potential for such issues if input validation or authentication mechanisms are not meticulously implemented for all user-facing features.

In conclusion, live-news-lite v1.10 is well-developed from a security perspective, demonstrating good coding practices. The low number of identified vulnerabilities and the absence of critical code signals are positive indicators. The primary areas to monitor would be the identified unsanitized paths and ensuring ongoing vigilance against potential CSRF vectors, especially as new features are added or modifications are made.

Key Concerns

  • Flows with unsanitized paths
  • Previous medium CVE (CSRF)
Vulnerabilities
1

Live News – Responsive News Ticker Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-41669medium · 4.3Cross-Site Request Forgery (CSRF)

Live News <= 1.06 - Cross-Site Request Forgery

Sep 4, 2023 Patched in 1.07 (222d)
Code Analysis
Analyzed Mar 16, 2026

Live News – Responsive News Ticker Code Analysis

Dangerous Functions
0
Raw SQL Queries
19
39 prepared
Unescaped Output
10
420 escaped
Nonce Checks
12
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

67% prepared58 total queries

Output Escaping

98% escaped430 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
display_crud_menu (admin\inc\menu\class-daextlnl-menu-elements.php:1428)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Live News – Responsive News Ticker Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 5

authwp_ajax_set_status_cookieclass-daextlnl-ajax.php:50
noprivwp_ajax_set_status_cookieclass-daextlnl-ajax.php:51
authwp_ajax_get_ticker_dataclass-daextlnl-ajax.php:53
noprivwp_ajax_get_ticker_dataclass-daextlnl-ajax.php:54
authwp_ajax_update_default_colorsclass-daextlnl-ajax.php:56

REST API Routes 2

POST/wp-json/live-news-lite/v1/read-options/inc\class-daextlnl-rest.php:63
POST/wp-json/live-news-lite/v1/optionsinc\class-daextlnl-rest.php:74
WordPress Hooks 20
actionadmin_enqueue_scriptsadmin\class-daextlnl-admin.php:85
actionadmin_enqueue_scriptsadmin\class-daextlnl-admin.php:86
actionadmin_menuadmin\class-daextlnl-admin.php:89
actionwpmu_new_blogadmin\class-daextlnl-admin.php:92
actiondelete_blogadmin\class-daextlnl-admin.php:95
actioninitadmin\class-daextlnl-admin.php:98
actionadmin_initadmin\inc\menu\class-daextlnl-menu-elements.php:125
actionadmin_initadmin\inc\menu\class-daextlnl-menu-elements.php:126
actionadmin_initadmin\inc\menu\class-daextlnl-menu-elements.php:127
actionadmin_initadmin\inc\menu\class-daextlnl-menu-elements.php:128
actionadmin_initadmin\inc\menu\class-daextlnl-menu-elements.php:132
actionrest_api_initinc\class-daextlnl-rest.php:38
actionplugins_loadedinit.php:27
actionplugins_loadedinit.php:31
actionplugins_loadedinit.php:38
actionplugins_loadedinit.php:51
actionwp_headpublic\class-daextlnl-public.php:57
actionwp_enqueue_scriptspublic\class-daextlnl-public.php:60
actionwp_enqueue_scriptspublic\class-daextlnl-public.php:61
actiondelete_categorypublic\class-daextlnl-public.php:67
Maintenance & Trust

Live News – Responsive News Ticker Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 11, 2025
PHP min version7.2
Downloads14K

Community Trust

Rating0/100
Number of ratings0
Active installs3K
Alternatives

Live News – Responsive News Ticker Alternatives

T4B News Ticker – Responsive News Scroller, Slider, and Animations

T4B News Ticker – Responsive News Scroller, Slider, and Animations

t4b-news-ticker

A
100

T4B News Ticker is a flexible and user-friendly news ticker plugin for WordPress, designed to create horizontal news tickers with 4 unique animations.

7K No CVEs
TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More

TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More

wp-top-news

A
100

Create and display news in various layouts like Grid, List, Ticker etc. from internal, external and rss sources.

800 No CVEs
Breaking News WP

Breaking News WP

breaking-news-wp

D
43

Show in every place your Free and Custom Breaking News Bar

400 2 unpatched
Latest Simple News Ticker

Latest Simple News Ticker

latest-simple-news-ticker

A
85

This plugin help you to view the latest posts or page on your website.This plugin also have three type of animation such as Fade Effects,Slide Effects &hellip;

80 No CVEs
News ticker

News ticker

news-ticker-tj

A
85

Premium Quality but free. It is responsive and easily custimzeable. Video tutorials are given for usage and custimization.

50 No CVEs
Developer Profile

Live News – Responsive News Ticker Developer Profile

DAEXT

13 plugins · 30K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
101 days
View full developer profile
Detection Fingerprints

How We Detect Live News – Responsive News Ticker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/live-news-lite/admin/css/admin.css/wp-content/plugins/live-news-lite/admin/js/admin.js/wp-content/plugins/live-news-lite/public/css/public.css/wp-content/plugins/live-news-lite/public/js/public.js
Script Paths
/wp-content/plugins/live-news-lite/admin/js/admin.js/wp-content/plugins/live-news-lite/public/js/public.js
Version Parameters
live-news-lite/admin/css/admin.css?ver=live-news-lite/admin/js/admin.js?ver=live-news-lite/public/css/public.css?ver=live-news-lite/public/js/public.js?ver=

HTML / DOM Fingerprints

CSS Classes
daextlnl-tickerdaextlnl-featured-newsdaextlnl-sliding-news
Data Attributes
data-daextlnl-ticker-iddata-daextlnl-featured-news-iddata-daextlnl-sliding-news-id
JS Globals
daextlnl_public_vars
REST Endpoints
/wp-json/daextlnl/v1/ticker/wp-json/daextlnl/v1/featured_news/wp-json/daextlnl/v1/sliding_news
Shortcode Output
[live-news-lite-ticker][live-news-lite-featured-news][live-news-lite-sliding-news]
FAQ

Frequently Asked Questions about Live News – Responsive News Ticker