WP-Safety

pretix widget Security & Risk Analysis

wordpress.org/plugins/pretix-widget

The pretix widget allows you to easily display pretix ticket widgets on your website. You can customize the display of your pretix tickets and provide …

400 active installs v1.1.0 PHP 8.0.26+ WP 6.1.1+ Updated May 30, 2025
gutenbergmodalnavigation
98
A · Safe
CVEs total1
Unpatched0
Last CVEOct 9, 2024
Plugin page Download
Safety Verdict

Is pretix widget Safe to Use in 2026?

Generally Safe

Score 98/100

pretix widget has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 9, 2024Updated 10mo ago
Risk Assessment

The pretix-widget v1.1.0 plugin exhibits a generally good security posture, with a notable absence of unpatched vulnerabilities and a strong adherence to secure coding practices like prepared SQL statements and well-escaped output. The static analysis reveals a small attack surface with no unprotected entry points. However, there is one concerning finding in the taint analysis: a flow with an unsanitized path. While this flow did not result in a critical or high-severity vulnerability in the current analysis, it represents a potential avenue for exploitation if not properly handled, especially in conjunction with file operations. The plugin's vulnerability history shows one past high-severity vulnerability related to PHP Remote File Inclusion, which, although patched, highlights a past area of concern. Despite this history and the single taint flow issue, the current version appears to be in a relatively secure state due to the lack of critical findings and the absence of unpatched CVEs. Vigilance regarding the unsanitized path in the taint analysis is recommended.

Key Concerns

  • Flow with unsanitized paths found
  • History of high severity RFI vulnerability
Vulnerabilities
1

pretix widget Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2024-9575high · 8.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion

Oct 9, 2024 Patched in 1.0.6 (8d)
Code Analysis
Analyzed Mar 16, 2026

pretix widget Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
70 escaped
Nonce Checks
1
Capability Checks
0
File Operations
7
External Requests
1
Bundled Libraries
0

Output Escaping

91% escaped77 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<cache> (templates\backend\cache.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

pretix widget Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[pretix_widget] includes\pretix-widget.php:39
[pretix_widget_button] includes\pretix-widget.php:40
WordPress Hooks 8
actionadmin_menuincludes\pretix-widget.php:34
actionadmin_enqueue_scriptsincludes\pretix-widget.php:35
actionenqueue_block_editor_assetsincludes\pretix-widget.php:36
actionwp_enqueue_scriptsincludes\pretix-widget.php:41
actionplugins_loadedincludes\pretix-widget.php:44
actionadmin_initincludes\settings.php:80
actioninitpretix-widget.php:48
actioninitpretix-widget.php:56
Maintenance & Trust

pretix widget Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedMay 30, 2025
PHP min version8.0.26
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs400
Alternatives

pretix widget Alternatives

SV Close Modal on Click Outside for Navigation Block

SV Close Modal on Click Outside for Navigation Block

sv-close-modal-on-click-outside-for-navigation-block

A
100

The modal for the mobile menu of the navigation block is closed by default only when the burger icon is clicked. This single-purpose-plugin adds a sma &hellip;

0 No CVEs
Block Navigation

Block Navigation

block-navigation

A
85

Block Navigation sidebar panel for the new Block editor.

3K No CVEs
Breadcrumb Block

Breadcrumb Block

breadcrumb-block

A
100

A simple breadcrumb trail block that supports JSON-LD structured data and is compatible with Woocommerce

3K No CVEs
Modal Guten Block

Modal Guten Block

modal-block

A
85

This plugin provides a Gutenberg Modal / Popup Block.

3K No CVEs
Light Modal Block

Light Modal Block

light-modal-block

A
100

Lightweight, customizable modal block for the WordPress block editor

2K No CVEs
Developer Profile

pretix widget Developer Profile

pretixeu

1 plugin · 400 total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect pretix widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pretix-widget/assets/css/editor.css/wp-content/plugins/pretix-widget/assets/css/style.css/wp-content/plugins/pretix-widget/assets/css/backend.css/wp-content/plugins/pretix-widget/assets/js/backend.js/wp-content/plugins/pretix-widget/gutenberg/dist/pretix-widget.build.js
Script Paths
/wp-content/plugins/pretix-widget/gutenberg/dist/pretix-widget.build.js
Version Parameters
pretix-widget/assets/css/editor.css?ver=pretix-widget/assets/css/style.css?ver=pretix-widget/assets/css/backend.css?ver=pretix-widget/assets/js/backend.js?ver=pretix-widget/gutenberg/dist/pretix-widget.build.js?ver=

HTML / DOM Fingerprints

CSS Classes
pretix-widget-button-container
Data Attributes
data-pretix-widget-url
JS Globals
pretixWidgetDefaultspretixWidgetLanguages
Shortcode Output
[pretix_widget][pretix_widget_button]
FAQ

Frequently Asked Questions about pretix widget