Tourwriter Itineraries Security & Risk Analysis
wordpress.org/plugins/minim-by-tourwriterEasily display your Tourwriter itineraries on your website
Is Tourwriter Itineraries Safe to Use in 2026?
Generally Safe
Score 92/100Tourwriter Itineraries has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "minim-by-tourwriter" v2.2.4 plugin exhibits a generally strong security posture based on the static analysis. It demonstrates good practices by not exposing any AJAX handlers or REST API routes without proper authentication checks. Furthermore, all identified SQL queries utilize prepared statements, which is a critical defense against SQL injection vulnerabilities. The high percentage of properly escaped output (82%) is also a positive indicator, minimizing the risk of XSS attacks.
However, the taint analysis reveals a potential area of concern: two flows with unsanitized paths were identified. While these are not categorized as critical or high severity, they represent a risk of path traversal vulnerabilities if not handled carefully, especially in conjunction with the file operations. The plugin also performs external HTTP requests, which could be a vector for attacks if the targeted external resources are compromised or if data sent to them is not properly sanitized.
The plugin's vulnerability history is completely clear, with no recorded CVEs. This suggests a history of good security development or a lack of targeted attacks, but it's not a guarantee of future security. Overall, the plugin has strengths in its handling of database interactions and authentication. The main weakness lies in the presence of unsanitized paths, which warrants closer inspection and potential remediation to ensure the plugin is fully robust against various attack vectors.
Key Concerns
- Unsanitized paths in taint analysis
- External HTTP requests present
- File operations present
Tourwriter Itineraries Security Vulnerabilities
Tourwriter Itineraries Code Analysis
Output Escaping
Data Flow Analysis
Tourwriter Itineraries Attack Surface
Shortcodes 3
WordPress Hooks 8
Maintenance & Trust
Tourwriter Itineraries Maintenance & Trust
Maintenance Signals
Community Trust
Tourwriter Itineraries Alternatives
Tour Operator
tour-operator
Tour Operator is a block-based plugin for WordPress that helps travel agencies and tour operators showcase tours, destinations, and accommodations usi …
Tourfic Toolkit
travelfic-toolkit
A companion plugin to the Travelfic and Ultimate Hotel Booking with which you can easily build your own Hotel, Accommodation, Tour & Travel Bookin …
WP Travel MapQuest
wp-travel-mapquest
A simple map addon to WP Travel plugin which can be used in place of Google Map.
WP Travel Engine – Tour Booking Plugin – Tour Operator Software
wp-travel-engine
WP Travel Engine is the most popular tour and travel booking WordPress plugin. Used by over 20,000 travel agency websites.
WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor
wte-elementor-widgets
WP Travel Engine – Elementor Widgets provides 20+ Elementor widgets to create travel and tour booking websites using WP Travel Engine and Elementor.
Tourwriter Itineraries Developer Profile
1 plugin · 50 total installs
How We Detect Tourwriter Itineraries
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/minim-by-tourwriter/dist/js/admin.js/wp-content/plugins/minim-by-tourwriter/dist/css/minim-by-tourwriter-admin.css/wp-content/plugins/minim-by-tourwriter/dist/css/minim-by-tourwriter.cssdist/js/admin.jsminim-by-tourwriter/dist/css/minim-by-tourwriter.cssHTML / DOM Fingerprints
minim-titleminim-idminim-radiodata-itinerary-iddata-itinerary-displaydata-itinerary-keywindow.minim[minim_itinerary][minim][tourwriter]