News Ticker for Elementor Security & Risk Analysis

wordpress.org/plugins/news-ticker-for-elementor

News Ticker for Elementor lets you add a news ticker with the Elementor page builder. You can use any of your blog posts as a news ticker.

2K active installs · v2.1.3 · PHP 7.4+ · WP 5.0+ · Updated Nov 5, 2024
Tags: elementor-news-slider, elementor-news-ticker, news-slider, news-ticker, ticker
71
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Dec 11, 2024
Safety Verdict

Is News Ticker for Elementor Safe to Use in 2026?

Mostly Safe

Score 71/100

News Ticker for Elementor is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Dec 11, 2024 · Updated 1yr ago
Risk Assessment

The news-ticker-for-elementor plugin v2.1.3 presents a mixed security posture. While it demonstrates good practices in areas like the exclusive use of prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns remain regarding its attack surface and vulnerability history. The plugin exposes three AJAX handlers, with two of them lacking proper authorization checks. This is a critical oversight that could allow unauthorized users to trigger potentially sensitive actions within the plugin.

Taint analysis shows no concerning flows, which is a positive indicator that sensitive data is likely being handled with care internally. However, the plugin's vulnerability history is a major red flag. It has a known unpatched medium severity vulnerability, and historically, missing authorization has been a common vulnerability type. This suggests a recurring pattern of insufficient access control in the plugin's development, which, despite other good practices, leaves it susceptible to specific types of attacks.

In conclusion, while the plugin has strengths in data handling and output sanitization, the identified unprotected entry points and the history of missing authorization vulnerabilities create a tangible risk. The unpatched CVE further exacerbates this risk. These issues should be addressed promptly to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched medium severity CVE
  • Missing capability checks
Vulnerabilities
1

News Ticker for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-54278 · medium · 4.3 · Missing Authorization

News Ticker for Elementor <= 2.1.3 - Missing Authorization

Dec 11, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

News Ticker for Elementor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (74 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

Output Escaping

85% escaped · 87 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
goodbye_form_callback (class-plugin-deactivate-feedback.php:362)
Attack Surface
2 unprotected

News Ticker for Elementor Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 3

auth · wp_ajax_wbelnt_goodbye_form · class-plugin-deactivate-feedback.php:62
auth · wp_ajax_wb_elnt_review_transient · class-plugin-review.php:21
auth · wp_ajax_process_wbelnt_promo_form · support-page\class-support-page.php:24
WordPress Hooks 23
action · admin_menu · admin\admin-pages.php:2
action · admin_enqueue_scripts · admin\admin-pages.php:99
action · admin_init · admin\admin-pages.php:112
action · admin_notices · admin\news-ticker-utils.php:16
action · admin_notices · admin\news-ticker-utils.php:22
action · admin_notices · admin\news-ticker-utils.php:28
action · admin_enqueue_scripts · admin\news-ticker-utils.php:33
action · elementor/widgets/register · admin\news-ticker-utils.php:36
action · admin_notices · admin\notices\support.php:10
action · admin_footer-plugins.php · class-plugin-deactivate-feedback.php:61
action · admin_enqueue_scripts · class-plugin-deactivate-feedback.php:63
filter · wp_mail_content_type · class-plugin-deactivate-feedback.php:116
action · admin_notices · class-plugin-review.php:19
action · admin_footer · class-plugin-review.php:20
action · elementor/init · news-ticker-for-elementor.php:43
action · plugins_loaded · news-ticker-for-elementor.php:93
action · wp_footer · news-ticker-for-elementor.php:95
filter · custom_menu_order · news-ticker-for-elementor.php:134
action · upgrader_process_complete · news-ticker-for-elementor.php:144
action · init · news-ticker-for-elementor.php:145
action · wp_head · support-page\class-support-page.php:6
action · admin_enqueue_scripts · support-page\class-support-page.php:142
action · admin_menu · support-page\class-support-page.php:171
Maintenance & Trust

News Ticker for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 5, 2024
PHP min version: 7.4
Downloads: 38K

Community Trust

Rating: 94/100
Number of ratings: 38
Active installs: 2K
Developer Profile

News Ticker for Elementor Developer Profile

Plugin Devs

14 plugins · 18K total installs

Trust score: 78
Avg Security Score: 85/100
Avg Patch Time: 60 days
Detection Fingerprints

How We Detect News Ticker for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/news-ticker-for-elementor/assets/js/elementor-news-ticker.js
/wp-content/plugins/news-ticker-for-elementor/assets/css/elementor-news-ticker.css
Script Paths
/wp-content/plugins/news-ticker-for-elementor/assets/js/elementor-news-ticker.js
Version Parameters
news-ticker-for-elementor/assets/js/elementor-news-ticker.js?ver=
news-ticker-for-elementor/assets/css/elementor-news-ticker.css?ver=

HTML / DOM Fingerprints

CSS Classes
wbelnt-up-pro-link
HTML Comments
Welcome to the Custom CSS editor!
Welcome to the Custom JS editor!
Data Attributes
wbelnt_custom_css
wbelnt_custom_js