Online Pre-Travel Shopping Security & Risk Analysis
wordpress.org/plugins/online-pre-travel-shoppingshopnfly is the first ever online, pre-travel shopping experience, creating a one-stop-shop for anything you might like to buy across an international …
Is Online Pre-Travel Shopping Safe to Use in 2026?
Generally Safe
Score 85/100Online Pre-Travel Shopping has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'online-pre-travel-shopping' plugin version 1.1 exhibits a mixed security posture. While the absence of known CVEs and a clean taint analysis are positive indicators, the static analysis reveals significant areas for improvement. The plugin has a small attack surface, but critically, one of its two entry points, an AJAX handler, lacks any authentication or capability checks. This makes it susceptible to unauthorized execution of its functions by unauthenticated users.
Furthermore, a concerning percentage of output is not properly escaped. This could lead to various cross-site scripting (XSS) vulnerabilities if user-supplied data is not neutralized before being displayed in the browser. The lack of nonce checks on the unprotected AJAX handler exacerbates this risk, as an attacker could easily forge requests. The plugin's vulnerability history is clean, which is a strength, but it does not mitigate the immediate risks identified in the current code analysis.
In conclusion, the plugin has potential strengths in its lack of complex vulnerabilities and clean SQL query practices. However, the unprotected AJAX endpoint and insufficient output escaping present immediate and exploitable risks that require attention to harden its security.
Key Concerns
- Unprotected AJAX handler
- Insufficient output escaping
- Missing nonce checks on AJAX
Online Pre-Travel Shopping Security Vulnerabilities
Online Pre-Travel Shopping Code Analysis
Bundled Libraries
Output Escaping
Online Pre-Travel Shopping Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 9
Maintenance & Trust
Online Pre-Travel Shopping Maintenance & Trust
Maintenance Signals
Community Trust
Online Pre-Travel Shopping Alternatives
Booking.com Product Helper
bookingcom-product-helper
The Booking.com Product Helper allows you to embed any Booking.com affiliate product anywhere on your website.
GetYourGuide WordPress plugin
getyourguide-widget
Get paid to travel. Make money by sharing activities with your readers. Share GetYourGuide's incredible selection of attractions, tours and activ …
AviaSales поиск авиабилетов
aviasalesru-search-widget
Плагин Aviasales.ru для поиска билетов на вашем блоге.
Travel Search
travel-search
Search and Compare major travel websites for cheapest flights, hotels, car rentals and vacation packages in this one-step travel search engine.
Affiliate Boost
affiliate-boost
O Affiliate Boost aumenta as chances de conversão em seu afiliado, abrindo abas contextualizadas, aumentando suas receitas com o mínimo de esforço.
Online Pre-Travel Shopping Developer Profile
1 plugin · 10 total installs
How We Detect Online Pre-Travel Shopping
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/online-pre-travel-shopping/css/farbtastic.css/wp-content/plugins/online-pre-travel-shopping/css/sf_ui.css/wp-content/plugins/online-pre-travel-shopping/css/sf_themes.css/wp-content/plugins/online-pre-travel-shopping/js/sf_admin_jquery.js/wp-content/plugins/online-pre-travel-shopping/js/sf_jquery.jsHTML / DOM Fingerprints
<!-- widget --><!-- shortcode -->sel_themecustom_widthborder_colorbackground_colortext_colorbutton_color+2 moreshortcode_default_rectangleshortcode_default_wideshortcode_default_narrowshortcode_default_dynamic-widthsfts_settings_value[sf_travel_shop]