WP-Safety

PBP Newsticker Security & Risk Analysis

wordpress.org/plugins/pbp-newsticker

Create many newsticker with display using shortscode, widgets or PHP

10 active installs v1.3.2 PHP + WP 3.0.1+ Updated Apr 24, 2015
newsticker
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PBP Newsticker Safe to Use in 2026?

Generally Safe

Score 85/100

PBP Newsticker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "pbp-newsticker" v1.3.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerabilities or CVEs, suggesting a generally stable and well-maintained codebase historically. It also performs external HTTP requests and uses jQuery, which are common in WordPress plugins.

However, significant security concerns arise from the static analysis. The plugin has an unprotected AJAX handler, which represents a direct entry point for attackers that lacks authentication. Furthermore, a substantial 50% of its output is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also indicates two flows with unsanitized paths, though these are not classified as critical or high severity, they still represent potential weaknesses if they interact with user-supplied data.

While the lack of historical vulnerabilities is a strength, the current static analysis findings, particularly the unauthenticated AJAX handler and widespread unescaped output, present immediate and tangible risks. The plugin's overall security is compromised by these specific weaknesses, despite its adherence to some secure coding practices and its clean vulnerability history.

Key Concerns

  • Unprotected AJAX handler
  • 50% of outputs not properly escaped
  • Flows with unsanitized paths
Vulnerabilities
None known

PBP Newsticker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PBP Newsticker Release Timeline

v1.3.1
v1.2
v1.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

PBP Newsticker Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
50
0 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
1

Bundled Libraries

jQuery

Output Escaping

0% escaped50 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
create_data_source_instance (pbp-newsticker.php:347)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

PBP Newsticker Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_create_data_source_instancepbp-newsticker.php:83

Shortcodes 1

[newsticker] pbp-newsticker.php:92
WordPress Hooks 16
actionpbpNewsticker_save_settingsdata_source.class.php:549
filterpbpNewsticker_ticker_settingsdata_source.class.php:552
filterpbpNewsticker_ticker_settingsdata_source.class.php:553
filterwp_feed_cache_transient_lifetimedata_sources/rss.class.php:55
filterwp_feed_cache_transient_lifetimedata_sources/twitter.class.php:54
actioninitpbp-newsticker.php:78
actionadmin_initpbp-newsticker.php:79
actionwp_enqueue_scriptspbp-newsticker.php:80
actionadmin_enqueue_scriptspbp-newsticker.php:81
actionadmin_menupbp-newsticker.php:82
filterpbpNewsticker_item_time_ago_formatpbp-newsticker.php:85
filterpbpNewsticker_stringpbp-newsticker.php:86
filterpbpNewsticker_stringpbp-newsticker.php:87
filterpbpNewsticker_stringpbp-newsticker.php:88
filterpbpNewsticker_stringpbp-newsticker.php:89
filterpbpNewsticker_stringpbp-newsticker.php:90
Maintenance & Trust

PBP Newsticker Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39
Last updatedApr 24, 2015
PHP min version
Downloads3K

Community Trust

Rating66/100
Number of ratings3
Active installs10
Alternatives

PBP Newsticker Alternatives

Awesome Wp Widget Newsticker

Awesome Wp Widget Newsticker

awesome-wp-widget-newsticker

A
85

news Ticker widget is a multi-functional data display plugin.

200 No CVEs
FikraTicker

FikraTicker

fikraticker

A
85

FikraTicker is a simple and multi-effects newsticker that displays the recent news/posts on your website/blog

100 No CVEs
AnnounceME

AnnounceME

announceme

A
85

AnnounceME is a simple plugin, coded to help you publishing important Announcements.

10 No CVEs
NewsTick Ultra

NewsTick Ultra

newstick-ultra

A
85

A stylish and customisable news ticker that displays news or alternative content.

10 No CVEs
Posts News Ticker

Posts News Ticker

posts-news-ticker

A
85

Show Latest posts news ticker at bottom

10 No CVEs
Developer Profile

PBP Newsticker Developer Profile

projoktibangla

6 plugins · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect PBP Newsticker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pbp-newsticker/js/pbpNewsticker.js/wp-content/plugins/pbp-newsticker/css/pbpNewsticker.css/wp-content/plugins/pbp-newsticker/media/pbpNewsticker/skins/dark.css/wp-content/plugins/pbp-newsticker/media/pbpNewsticker/skins/green.css/wp-content/plugins/pbp-newsticker/media/pbpNewsticker/skins/blue.css/wp-content/plugins/pbp-newsticker/media/pbpNewsticker/skins/red.css/wp-content/plugins/pbp-newsticker/media/pbpNewsticker/skins/yellow.css
Script Paths
/wp-content/plugins/pbp-newsticker/js/pbpNewsticker.js
Version Parameters
pbp-newsticker/js/pbpNewsticker.js?ver=pbp-newsticker/css/pbpNewsticker.css?ver=

HTML / DOM Fingerprints

CSS Classes
pbp-newsticker-container
Shortcode Output
[newsticker
FAQ

Frequently Asked Questions about PBP Newsticker