Does PicTips have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is PicTips compatible with WordPress 3.5.2?

According to WordPress.org data, PicTips 2.0 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is PicTips updated?

PicTips was last updated on May 8, 2013. Frequent updates are generally a positive security signal.

What is PicTips's security score?

PicTips has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PicTips Security & Risk Analysis

wordpress.org/plugins/pictips

PicTips provides a shortcode for images to be used as ToolTips. Like ToolTips but with pictures.

10 active installs v2.0 PHP + WP 3.1+ Updated May 8, 2013

hoverimagepicturestool-tiptooltip

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PicTips Safe to Use in 2026?

Generally Safe

Score 85/100

PicTips has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "pictips" v2.0 plugin exhibits a generally strong security posture with no known vulnerabilities or critical static analysis findings. The complete absence of dangerous functions, raw SQL queries, and external HTTP requests is commendable. Furthermore, the plugin utilizes prepared statements for all SQL interactions and implements capability checks, which are good security practices. However, there are areas for improvement. The 50% rate of properly escaped output indicates a potential for cross-site scripting (XSS) vulnerabilities, especially given the presence of a shortcode which could be a vector for such attacks. The absence of nonce checks, while not directly flagged as an issue in this analysis, is a standard security measure for forms and AJAX actions that should ideally be present to prevent CSRF attacks. The lack of taint analysis results, while potentially meaning no issues were found, could also indicate an incomplete analysis or a lack of complex data flows that might hide vulnerabilities.

Key Concerns

Output escaping is only 50% proper
No nonce checks implemented

Vulnerabilities

None known

PicTips Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

PicTips Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

PicTips Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

50% escaped8 total outputs

Attack Surface

PicTips Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[pictip] pictips.php:54

WordPress Hooks 14

filterfilter_installed_pictips_stylesphp\pictips-custom-styles-main.php:25

actionwp_enqueue_scriptsphp\pictips-custom-styles-main.php:28

actionadmin_initphp\pictips-settings.php:42

actionadmin_menuphp\pictips-settings.php:43

filterplugin_installed_addonsphp\pictips-settings.php:47

actioninitpictips.php:25

actioninitpictips.php:26

actionwp_footerpictips.php:27

actionwp_enqueue_scriptspictips.php:28

actionadmin_enqueue_scriptspictips.php:29

filterthe_contentpictips.php:31

filtermce_external_pluginspictips.php:148

filtermce_buttonspictips.php:149

actionadd_meta_boxespictips.php:151

Maintenance & Trust

PicTips Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedMay 8, 2013

PHP min version

Downloads3K

Community Trust

Rating90/100

Number of ratings2

Active installs10

Alternatives

PicTips Alternatives

FancyBox for WordPress

fancybox-for-wordpress

Seamlessly integrates FancyBox lightbox into your WordPress blog: Upload, activate, and you're done. Additional configuration optional.

40K 3 CVEs

Image Hover Effects – Elementor Addon

image-hover-effects-addon-for-elementor

Add creative image hover effects to Elementor page builder. Easily customize title and content and effects with intuitive interface.

40K 1 unpatched

Image Hover Effects Ultimate ( Image Gallery, Effects, Lightbox, Comparison & Magnifier )

image-hover-effects-ultimate

Add stunning image hover effects to WordPress. 500+ CSS3 animations, 10 effect modules, no coding needed. Support Elementor & Gutenberg.

20K 8 CVEs

Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress

gallery-plugin

Add beautiful, fully responsive galleries, albums, images, and categories to your WordPress website quickly and easily. Showcase your portfolio, photo …

10K 5 CVEs

Flipbox – Awesome Flip Boxes & Image Overlay for WordPress

image-hover-effects-ultimate-visual-composer

Create stunning CSS3 flip boxes in WordPress. 29 styles, 50+ animations, no coding. Works with any page builder (Elementor, WPBakery, Gutenberg, etc).

10K 1 CVE

Developer Profile

PicTips Developer Profile

8MediaCentral

2 plugins · 110 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PicTips

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pictips/css/pictips-styles.css/wp-content/plugins/pictips/css/pictips-post-styles.css/wp-content/plugins/pictips/js/pictips-script.js/wp-content/plugins/pictips/js/pictips-mce-plugin.js

Script Paths

http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.jshttp://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js

HTML / DOM Fingerprints

CSS Classes

pictips

Data Attributes

data-iddata-srcdata-style

JS Globals

pictip_calledpictips-valid-styles

Shortcode Output

<div class = "pictips"

FAQ