WP-Safety

Tarot, Oracle cards, Tarot readings, Tarokina Security & Risk Analysis

wordpress.org/plugins/tarokina-free

The best tarot plugin for wordpress. Intuitive and easy to use. Provides accurate tarot readings.

300 active installs v1.13 PHP 7.4+ WP 5.5+ Updated Feb 13, 2026
fortune-tellingoracle-cardstarottarot-cardstarot-readings
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Tarot, Oracle cards, Tarot readings, Tarokina Safe to Use in 2026?

Generally Safe

Score 100/100

Tarot, Oracle cards, Tarot readings, Tarokina has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "tarokina-free" plugin version 1.13 exhibits a mixed security posture. On the positive side, the plugin shows strong practices regarding output escaping (92%) and a reasonable proportion of SQL queries using prepared statements (53%). The absence of known CVEs and critical taint flows is also a significant strength. However, there are clear areas of concern that detract from its overall security.

The plugin presents an attack surface with two AJAX handlers, both of which lack authentication checks. This is a significant vulnerability as it allows unauthenticated users to potentially trigger actions within the plugin that might have unintended consequences or be exploited. Additionally, the plugin has no nonce checks, which are crucial for preventing Cross-Site Request Forgery (CSRF) attacks, especially when dealing with user-initiated actions via AJAX.

Given the lack of historical vulnerabilities, it's difficult to draw conclusions about long-term security patterns. However, the current static analysis highlights a critical oversight in securing entry points, particularly the unprotected AJAX handlers. While the plugin demonstrates good coding hygiene in other areas like output escaping, the missing authentication and nonce checks on AJAX handlers introduce a tangible risk that needs immediate attention. The overall security is therefore moderate, with specific, high-impact weaknesses despite generally good practices elsewhere.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks
  • SQL queries without prepared statements
Vulnerabilities
None known

Tarot, Oracle cards, Tarot readings, Tarokina Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Tarot, Oracle cards, Tarot readings, Tarokina Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
8 prepared
Unescaped Output
9
97 escaped
Nonce Checks
0
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

53% prepared15 total queries

Output Escaping

92% escaped106 total outputs
Attack Surface
2 unprotected

Tarot, Oracle cards, Tarot readings, Tarokina Attack Surface

Entry Points5
Unprotected2

AJAX Handlers 2

noprivwp_ajax_e-tarotfreeincludes\class-tarokkina_free.php:272
authwp_ajax_e-tarotfreeincludes\class-tarokkina_free.php:276

Shortcodes 3

[tarot] includes\elementor-styles_free.php:5
[tarot] public\class-tarokkina_free-public.php:69
[tarot] public\class-tarokkina_free-public.php:244
WordPress Hooks 42
actioncarbon_fields_register_fieldsadmin\fields\fields_cartas.php:5
filterscript_loader_tagincludes\class-tarokkina_free.php:78
filterscript_loader_tagincludes\class-tarokkina_free.php:90
actioninitincludes\class-tarokkina_free.php:157
actionadmin_enqueue_scriptsincludes\class-tarokkina_free.php:173
actionadmin_enqueue_scriptsincludes\class-tarokkina_free.php:174
actionadmin_noticesincludes\class-tarokkina_free.php:177
actionadmin_initincludes\class-tarokkina_free.php:178
actionadmin_headincludes\class-tarokkina_free.php:183
actioncarbon_fields_register_fieldsincludes\class-tarokkina_free.php:191
actioncarbon_fields_theme_options_container_savedincludes\class-tarokkina_free.php:194
actionpost_submitbox_startincludes\class-tarokkina_free.php:197
actionedit_form_after_editorincludes\class-tarokkina_free.php:200
filteradmin_footer_textincludes\class-tarokkina_free.php:203
filteredit_tarokkina_free_per_pageincludes\class-tarokkina_free.php:206
actionin_admin_headerincludes\class-tarokkina_free.php:209
actioncarbon_fields_theme_options_container_savedincludes\class-tarokkina_free.php:215
actionsave_post_tarokkina_freeincludes\class-tarokkina_free.php:218
actionadmin_headincludes\class-tarokkina_free.php:223
actionadmin_headincludes\class-tarokkina_free.php:231
actionadmin_noticesincludes\class-tarokkina_free.php:233
actionupgrader_process_completeincludes\class-tarokkina_free.php:241
filterplugin_action_links_tarokina-free/tarokina-free.phpincludes\class-tarokkina_free.php:245
actioncarbon_fields_container_tarot_free_after_fieldsincludes\class-tarokkina_free.php:249
actioninitincludes\class-tarokkina_free.php:265
actionwp_enqueue_scriptsincludes\class-tarokkina_free.php:268
actionwpincludes\class-tarokkina_free.php:280
actionelementor/preview/initincludes\elementor-styles_free.php:7
filterdo_shortcode_tagincludes\elementor-styles_free.php:22
filtermonths_dropdown_resultsincludes\tarokkina_free_custom_type.php:97
filterbulk_actions-edit-tarokkina_freeincludes\tarokkina_free_custom_type.php:100
filtermanage_tarokkina_free_posts_columnsincludes\tarokkina_free_custom_type.php:112
filtermanage_tarokkina_free_posts_columnsincludes\tarokkina_free_custom_type.php:120
actionmanage_tarokkina_free_posts_custom_columnincludes\tarokkina_free_custom_type.php:135
filtermanage_edit-tarokkina_free-cat_columnsincludes\tarokkina_free_custom_type.php:164
actionadmin_headincludes\tarokkina_free_custom_type.php:175
actioninitincludes\tarokkina_free_custom_type.php:196
filterpost_row_actionsincludes\tarokkina_free_custom_type.php:200
actionwp_trash_postincludes\tarokkina_free_custom_type.php:209
filtertag_row_actionsincludes\tarokkina_free_custom_type.php:217
actionpre_delete_termincludes\tarokkina_free_custom_type.php:225
actionadmin_headincludes\tarokkina_free_custom_type.php:232
Maintenance & Trust

Tarot, Oracle cards, Tarot readings, Tarokina Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 13, 2026
PHP min version7.4
Downloads67K

Community Trust

Rating100/100
Number of ratings22
Active installs300
Alternatives

Tarot, Oracle cards, Tarot readings, Tarokina Alternatives

Tarot

Tarot

tarot

A
85

A fairly simple Tarot plugin. Generates a three-card spread in a Gutenberg Block.

20 No CVEs
Tarot Online

Tarot Online

tarot-online

A
92

This plugin allows you to use Tarot Online app on your WordPress website and read Tarot Online for free. Join to affiliate program and start earning m …

10 No CVEs
Oracle Cards Lite – Interactive Card Deck Plugin for WordPress

Oracle Cards Lite – Interactive Card Deck Plugin for WordPress

oracle-cards

A
99

Interactive Card Deck Plugin for WordPress

300 1 CVE
EZ Horoscope Professional

EZ Horoscope Professional

ez-horoscope

A
100

Astrologically accurate horoscopes with cosmic insights, advice, birth charts, and AI voice agents for chatting about readings.

200 No CVEs
Tarot Card Oracle

Tarot Card Oracle

card-oracle

A
100

Create tarot, oracle, cartouche, and rune readings on your WordPress site using your own decks, spreads, and meanings.

100 No CVEs
Developer Profile

Tarot, Oracle cards, Tarot readings, Tarokina Developer Profile

Arnelio Team

1 plugin · 300 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Tarot, Oracle cards, Tarot readings, Tarokina

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tarokina-free/css/back_tarots.css/wp-content/plugins/tarokina-free/css/back_barajas.css/wp-content/plugins/tarokina-free/css/back_cartas.css/wp-content/plugins/tarokina-free/css/back_carta.css/wp-content/plugins/tarokina-free/admin/js/js_back_tarots.js/wp-content/plugins/tarokina-free/admin/js/js_back_barajas.js/wp-content/plugins/tarokina-free/admin/js/js_back_cartas.js/wp-content/plugins/tarokina-free/admin/js/js_back_carta.js+1 more
Script Paths
/wp-content/plugins/tarokina-free/admin/js/js_back_tarots.js/wp-content/plugins/tarokina-free/admin/js/js_back_barajas.js/wp-content/plugins/tarokina-free/admin/js/js_back_cartas.js/wp-content/plugins/tarokina-free/admin/js/js_back_carta.js/wp-content/plugins/tarokina-free/admin/js/js_admin.js
Version Parameters
/wp-content/plugins/tarokina-free/css/back_tarots.css?ver=/wp-content/plugins/tarokina-free/css/back_barajas.css?ver=/wp-content/plugins/tarokina-free/css/back_cartas.css?ver=/wp-content/plugins/tarokina-free/css/back_carta.css?ver=/wp-content/plugins/tarokina-free/admin/js/js_back_tarots.js?ver=/wp-content/plugins/tarokina-free/admin/js/js_back_barajas.js?ver=/wp-content/plugins/tarokina-free/admin/js/js_back_cartas.js?ver=/wp-content/plugins/tarokina-free/admin/js/js_back_carta.js?ver=/wp-content/plugins/tarokina-free/admin/js/js_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
cabecera_headcabecera_logocabecera_infobtnCardIdsclear_tooltiplogoTitletextFreeplugV
Data Attributes
data-text
FAQ

Frequently Asked Questions about Tarot, Oracle cards, Tarot readings, Tarokina