ScrollTick Security & Risk Analysis

wordpress.org/plugins/scrolltick

This is the simple way to create scrolling text in your website.

40 active installs · v1.0 · PHP + · WP 3.0+ · Updated: Unknown
Tags: announcements, horizontal, news-scroller, scrolling, vertical-news
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ScrollTick Safe to Use in 2026?

Generally Safe

Score 100/100

ScrollTick has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "scrolltick" v1.0 plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and having a clean vulnerability history with no recorded CVEs, significant concerns arise from its static analysis. The plugin exposes a substantial attack surface with 3 out of 4 entry points lacking authentication checks, making them vulnerable to unauthorized access and potential exploitation. The presence of a dangerous `unserialize` function without evident sanitization or checks further heightens this risk. The low percentage of properly escaped output also indicates a potential for cross-site scripting (XSS) vulnerabilities. While the lack of reported vulnerabilities is a positive sign, it could also be attributed to limited prior analysis or the fact that the plugin is relatively new or less widely used. The current analysis reveals weaknesses that, if exploited, could lead to serious security breaches.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function 'unserialize' used
  • Low percentage of properly escaped output
  • AJAX handlers without nonce checks
  • Capability checks are missing
Vulnerabilities
None known

ScrollTick Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ScrollTick Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 277 (25 escaped)
  • Nonce Checks: 4
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 2

Dangerous Functions Found

  • unserialize: `return unserialize($string);` at includes\wpsf\functions\helpers.php:73

Bundled Libraries

  • jQuery
  • Select2

Output Escaping

8% escaped · 302 total outputs
Attack Surface
3 unprotected

ScrollTick Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

  • auth · wp_ajax_wpsf-ajax · includes\wpsf\classes\wpsf-ajax.php:13
  • nopriv · wp_ajax_wpsf-ajax · includes\wpsf\classes\wpsf-ajax.php:14
  • auth · wp_ajax_wpsf-export-options · includes\wpsf\functions\actions.php:37

Shortcodes 1

[scrolltick] includes\class-shortcodes.php:24
WordPress Hooks 37
  • action · wp_enqueue_scripts · bootstrap.php:11
  • filter · post_row_actions · includes\class-admin.php:13
  • filter · manage_scrolltick_posts_columns · includes\class-admin.php:14
  • action · manage_scrolltick_posts_custom_column · includes\class-admin.php:15
  • action · wpsf_framework_loaded · includes\class-metaboxes.php:14
  • action · init · includes\class-register-cpt.php:13
  • action · wpsf_widgets · includes\class-register-widgets.php:15
  • action · wpsf_framework_loaded · includes\class-settings.php:15
  • action · init · includes\class-shortcodes.php:13
  • action · scrolltick_loaded · includes\functions.php:12
  • action · customize_controls_enqueue_scripts · includes\wpsf\classes\customize.php:56
  • action · load-profile.php · includes\wpsf\classes\user-profile.php:35
  • action · load-user-edit.php · includes\wpsf\classes\user-profile.php:39
  • action · show_user_profile · includes\wpsf\classes\user-profile.php:43
  • action · edit_user_profile · includes\wpsf\classes\user-profile.php:47
  • action · personal_options_update · includes\wpsf\classes\user-profile.php:52
  • action · edit_user_profile_update · includes\wpsf\classes\user-profile.php:56
  • action · admin_footer · includes\wpsf\functions\actions.php:56
  • action · customize_controls_print_footer_scripts · includes\wpsf\functions\actions.php:57
  • action · admin_print_styles-widgets.php · includes\wpsf\functions\enqueue.php:69
  • action · admin_enqueue_scripts · includes\wpsf\functions\enqueue.php:73
  • filter · wpsf_sanitize_text · includes\wpsf\functions\sanitize.php:33
  • filter · wpsf_sanitize_textarea · includes\wpsf\functions\sanitize.php:54
  • filter · wpsf_sanitize_checkbox · includes\wpsf\functions\sanitize.php:83
  • filter · wpsf_sanitize_switcher · includes\wpsf\functions\sanitize.php:84
  • filter · wpsf_sanitize_image_select · includes\wpsf\functions\sanitize.php:116
  • filter · wpsf_sanitize_group · includes\wpsf\functions\sanitize.php:137
  • filter · wpsf_sanitize_title · includes\wpsf\functions\sanitize.php:157
  • filter · wpsf_sanitize_clean · includes\wpsf\functions\sanitize.php:177
  • filter · wpsf_validate_email · includes\wpsf\functions\validate.php:51
  • filter · wpsf_validate_website · includes\wpsf\functions\validate.php:61
  • filter · wpsf_validate_numeric · includes\wpsf\functions\validate.php:84
  • filter · wpsf_validate_required · includes\wpsf\functions\validate.php:106
  • action · wpsf_framework_loaded · includes\wpsf\wpsf-framework-demo.php:56
  • action · wpsf_widgets · includes\wpsf\wpsf-framework-demo.php:57
  • action · after_setup_theme · includes\wpsf\wpsf-framework.php:35
  • action · widgets_init · includes\wpsf\wpsf-framework.php:107
Maintenance & Trust

ScrollTick Maintenance & Trust

Maintenance Signals

WordPress version tested: 5
Last updated: Unknown
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 40
Developer Profile

ScrollTick Developer Profile

uisumo

1 plugin · 40 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ScrollTick

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/scrolltick/assets/js/frontend.js
  • /wp-content/plugins/scrolltick/assets/js/style.css
Version Parameters
  • scrolltick/assets/js/frontend.js?ver=
  • scrolltick/assets/js/style.css?ver=
