Does NewsTick Ultra have any unpatched vulnerabilities?

No. All known vulnerabilities in NewsTick Ultra have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is NewsTick Ultra compatible with WordPress 5.4.19?

According to WordPress.org data, NewsTick Ultra 1.0 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is NewsTick Ultra compatible with PHP 7.2+?

NewsTick Ultra requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is NewsTick Ultra updated?

NewsTick Ultra was last updated on Jul 21, 2020. Frequent updates are generally a positive security signal.

What is NewsTick Ultra's security score?

NewsTick Ultra has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

NewsTick Ultra Security & Risk Analysis

wordpress.org/plugins/newstick-ultra

A stylish and customisable news ticker that displays news or alternative content.

10 active installs v1.0 PHP 7.2+ WP 5.4+ Updated Jul 21, 2020

beautiful-newstickercustomisable-newticker-pluginflexible-newsticker-pluginnewsticker-for-wordpresswell-designed-newsticker

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is NewsTick Ultra Safe to Use in 2026?

Generally Safe

Score 85/100

NewsTick Ultra has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The newstick-ultra plugin version 1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, performing all SQL queries with prepared statements, and not making external HTTP requests. The absence of known vulnerabilities in its history is also a strong positive indicator. However, several concerning areas are present in the static analysis. The plugin has one AJAX handler that lacks authentication checks, creating a direct entry point for unauthenticated access. Furthermore, the output escaping is significantly lacking, with only 32% of outputs properly escaped. This low rate of proper escaping presents a substantial risk for cross-site scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX handler.

Key Concerns

Unprotected AJAX handler
Low percentage of properly escaped output
Missing nonce checks on AJAX

Vulnerabilities

None known

NewsTick Ultra Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

NewsTick Ultra Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

32% escaped34 total outputs

Attack Surface

1 unprotected

NewsTick Ultra Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_NSWUP_ajax_formnewstick-ultra.php:283

Shortcodes 1

[newstick-ultra] newstick-ultra.php:82

WordPress Hooks 5

actionadmin_headnewstick-ultra.php:28

actionwp_enqueue_scriptsnewstick-ultra.php:30

actionadmin_enqueue_scriptsnewstick-ultra.php:48

actionadmin_menunewstick-ultra.php:88

actionadmin_initnewstick-ultra.php:137

Maintenance & Trust

NewsTick Ultra Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedJul 21, 2020

PHP min version7.2

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

NewsTick Ultra Alternatives

No alternatives data available yet.

Developer Profile

NewsTick Ultra Developer Profile

Geeky Nigeria

4 plugins · 100 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect NewsTick Ultra

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/newstick-ultra/css/styles.css/wp-content/plugins/newstick-ultra/js/marquee-scroll.js/wp-content/plugins/newstick-ultra/js/marquee-scroll-min.js/wp-content/plugins/newstick-ultra/js/jquery.marquee.min.js/wp-content/plugins/newstick-ultra/js/bn-opt-res.js

Script Paths

/wp-content/plugins/newstick-ultra/js/marquee-scroll.js/wp-content/plugins/newstick-ultra/js/marquee-scroll-min.js/wp-content/plugins/newstick-ultra/js/jquery.marquee.min.js/wp-content/plugins/newstick-ultra/js/bn-opt-res.js

HTML / DOM Fingerprints

CSS Classes

NSWUP_center-alignNSWUP-h2NSWUP-codebxneNSWUP-bodyNSWUP_select-cssNSWUP-title

Data Attributes

id="NSWUP_fil_cat"id="NSWUP_num_not"id="NSWUP_title_content"id="NSWUP_text"id="NSWUP_dim_barra"id="NSWUP_col_tit"+12 more

JS Globals

window.NSWUP_update_options

Shortcode Output

[newstick-ultra]

FAQ