Pronosticos Apuestas TAP Security & Risk Analysis

wordpress.org/plugins/pronosticos-apuestas-tap

Lets you manage betting predictions

10 active installs · v1.2.6 · PHP + · WP 3.5.1+ · Updated Jan 5, 2016
apuestas, picks, pronosticos, tipsters
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pronosticos Apuestas TAP Safe to Use in 2026?

Generally Safe

Score 85/100

Pronosticos Apuestas TAP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The plugin 'pronosticos-apuestas-tap' v1.2.6 presents a concerning security posture due to a significant number of unprotected AJAX handlers, indicating a broad attack surface accessible without proper authentication checks. While the plugin demonstrates good practices in SQL query preparation and nonce checks, the presence of the 'unserialize' dangerous function and taint analysis revealing flows with unsanitized paths are critical red flags. These specific code signals suggest potential vulnerabilities that could be exploited to inject malicious code or manipulate data, especially when combined with the unprotected entry points. The lack of any recorded vulnerability history is a positive, suggesting that past development may not have had exploitable flaws. However, this does not mitigate the immediate risks identified in the static analysis. Overall, the plugin has strengths in its SQL handling and nonce implementation, but the identified code vulnerabilities and exposed attack surface require urgent attention to prevent potential security breaches.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function unserialize
  • Taint flows with unsanitized paths (High severity)
  • Output escaping is not consistently applied
  • Bundled outdated library DataTables v1.0.4
  • Bundled outdated library Select2 v3.5.2
Vulnerabilities
None known

Pronosticos Apuestas TAP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Pronosticos Apuestas TAP Release Timeline

v1.2.6 (Current)
v1.2.5
v1.2.4
v1.2.3
v1.2.1
v1.2.0
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Pronosticos Apuestas TAP Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 1 (21 prepared)
Unescaped Output: 117 (105 escaped)
Nonce Checks: 9
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Dangerous Functions Found

  • unserialize: $datetime = unserialize( $meta_value ); (admin\includes\cmb\helpers\cmb_Meta_Box_types.php:486)
  • unserialize: $pedido->setElementos(unserialize($queryResult->elementos)); (includes\PedidoRepository.php:126)
  • unserialize: $pedido->setElementos(unserialize($queryResult->elementos)); (includes\PedidoRepository.php:163)
  • unserialize: $pedido->setElementos(unserialize($row->elementos)); (includes\PedidoRepository.php:194)

Bundled Libraries

DataTables 1.0.4, Select2 3.5.2

SQL Query Safety

95% prepared, 22 total queries

Output Escaping

47% escaped, 222 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

4 flows, 3 with unsanitized paths
listar_suscripciones (public\class-pronosticos-apuestas-tap.php:1182)
Attack Surface
9 unprotected

Pronosticos Apuestas TAP Attack Surface

Entry Points: 9
Unprotected: 9

AJAX Handlers 9

  • auth: wp_ajax_cmb_oembed_handler (admin\includes\cmb\init.php:1047)
  • nopriv: wp_ajax_cmb_oembed_handler (admin\includes\cmb\init.php:1048)
  • nopriv: wp_ajax_pronostico_apuestas_update_shopping_cart (public\class-pronosticos-apuestas-tap.php:88)
  • auth: wp_ajax_pronostico_apuestas_update_shopping_cart (public\class-pronosticos-apuestas-tap.php:89)
  • nopriv: wp_ajax_pronostico_apuestas_validar_cupon (public\class-pronosticos-apuestas-tap.php:93)
  • auth: wp_ajax_pronostico_apuestas_validar_cupon (public\class-pronosticos-apuestas-tap.php:94)
  • nopriv: wp_ajax_pronostico_apuestas_confirm_paypal (public\class-pronosticos-apuestas-tap.php:98)
  • auth: wp_ajax_pronostico_apuestas_confirm_paypal (public\class-pronosticos-apuestas-tap.php:99)
  • auth: wp_ajax_pronostico_apuestas_listar_suscripciones (public\class-pronosticos-apuestas-tap.php:116)
WordPress Hooks 56
  • action: admin_enqueue_scripts (admin\class-pronosticos-apuestas-tap-admin.php:109)
  • action: admin_enqueue_scripts (admin\class-pronosticos-apuestas-tap-admin.php:110)
  • action: admin_menu (admin\class-pronosticos-apuestas-tap-admin.php:112)
  • action: pronostico_apuestas_save_promocion (admin\class-pronosticos-apuestas-tap-admin.php:117)
  • action: pronostico_apuestas_metodos_pago (admin\class-pronosticos-apuestas-tap-admin.php:118)
  • action: pronostico_apuestas_gestion_suscripciones (admin\class-pronosticos-apuestas-tap-admin.php:120)
  • action: pronostico_apuestas_enviar_email_suscripcion_por_paysafecard (admin\class-pronosticos-apuestas-tap-admin.php:122)
  • action: pronostico_apuestas_enviar_email_suscripcion_por_paypal_editada (admin\class-pronosticos-apuestas-tap-admin.php:123)
  • filter: wp_mail_from (admin\class-pronosticos-apuestas-tap-admin.php:124)
  • filter: wp_mail_from_name (admin\class-pronosticos-apuestas-tap-admin.php:125)
  • filter: wp_mail_content_type (admin\class-pronosticos-apuestas-tap-admin.php:126)
  • action: wp_insert_post (admin\class-pronosticos-apuestas-tap-admin.php:128)
  • filter: cmb_meta_boxes (admin\includes\cmb\example-functions.php:11)
  • action: init (admin\includes\cmb\example-functions.php:406)
  • filter: get_post_metadata (admin\includes\cmb\helpers\cmb_Meta_Box_ajax.php:112)
  • filter: update_post_metadata (admin\includes\cmb\helpers\cmb_Meta_Box_ajax.php:114)
  • filter: cmb_show_on (admin\includes\cmb\init.php:171)
  • action: admin_enqueue_scripts (admin\includes\cmb\init.php:175)
  • action: admin_menu (admin\includes\cmb\init.php:178)
  • action: add_attachment (admin\includes\cmb\init.php:179)
  • action: edit_attachment (admin\includes\cmb\init.php:180)
  • action: save_post (admin\includes\cmb\init.php:181)
  • action: admin_enqueue_scripts (admin\includes\cmb\init.php:182)
  • action: admin_head (admin\includes\cmb\init.php:185)
  • action: show_user_profile (admin\includes\cmb\init.php:200)
  • action: edit_user_profile (admin\includes\cmb\init.php:201)
  • action: personal_options_update (admin\includes\cmb\init.php:203)
  • action: edit_user_profile_update (admin\includes\cmb\init.php:204)
  • action: admin_head (admin\includes\cmb\init.php:207)
  • filter: cmb_meta_boxes (admin\includes\meta-boxes.php:32)
  • action: init (admin\includes\meta-boxes.php:33)
  • action: admin_enqueue_scripts (admin\includes\meta-boxes.php:34)
  • action: init (includes\post-type-members.php:29)
  • action: init (includes\post-type-members.php:34)
  • action: init (includes\post-type-paypal.php:29)
  • action: init (includes\post-type-paypal.php:34)
  • action: plugins_loaded (pronosticos-apuestas-tap.php:56)
  • action: plugins_loaded (pronosticos-apuestas-tap.php:75)
  • action: plugins_loaded (pronosticos-apuestas-tap.php:79)
  • action: plugins_loaded (pronosticos-apuestas-tap.php:85)
  • action: plugins_loaded (pronosticos-apuestas-tap.php:90)
  • action: init (public\class-pronosticos-apuestas-tap.php:71)
  • action: wpmu_new_blog (public\class-pronosticos-apuestas-tap.php:73)
  • action: wp_enqueue_scripts (public\class-pronosticos-apuestas-tap.php:75)
  • action: wp_enqueue_scripts (public\class-pronosticos-apuestas-tap.php:76)
  • action: pronostico_apuestas_user_bar_menuitem (public\class-pronosticos-apuestas-tap.php:81)
  • action: pronostico_apuestas_checkout_shopping_cart (public\class-pronosticos-apuestas-tap.php:87)
  • action: pronostico_apuestas_paypal_response (public\class-pronosticos-apuestas-tap.php:100)
  • action: pronostico_apuestas_enviar_email_suscripcion_por_paypal (public\class-pronosticos-apuestas-tap.php:104)
  • action: pronostico_apuestas_enviar_email_suscripcion_por_paysafecard_creada (public\class-pronosticos-apuestas-tap.php:105)
  • filter: wp_mail_from (public\class-pronosticos-apuestas-tap.php:106)
  • filter: wp_mail_from_name (public\class-pronosticos-apuestas-tap.php:107)
  • filter: wp_mail_content_type (public\class-pronosticos-apuestas-tap.php:108)
  • action: wp (public\class-pronosticos-apuestas-tap.php:112)
  • action: pronostico_apuestas_cancelar_suscripcion_hourly_event (public\class-pronosticos-apuestas-tap.php:113)
  • action: pronostico_apuestas_cancelar_suscripcion (public\class-pronosticos-apuestas-tap.php:114)

Scheduled Events 1

pronostico_apuestas_cancelar_suscripcion_hourly_event
Maintenance & Trust

Pronosticos Apuestas TAP Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Jan 5, 2016
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Pronosticos Apuestas TAP Developer Profile

todoapuestas

5 plugins · 80 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pronosticos Apuestas TAP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pronosticos-apuestas-tap/public/css/pronosticos-apuestas-tap-public.css
/wp-content/plugins/pronosticos-apuestas-tap/public/js/pronosticos-apuestas-tap-public.js
Script Paths
/wp-content/plugins/pronosticos-apuestas-tap/public/js/pronosticos-apuestas-tap-public.js
Version Parameters
pronosticos-apuestas-tap/public/css/pronosticos-apuestas-tap-public.css?ver=
pronosticos-apuestas-tap/public/js/pronosticos-apuestas-tap-public.js?ver=
