Does Tarot and Horoscope have any unpatched vulnerabilities?

No. All known vulnerabilities in Tarot and Horoscope have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tarot and Horoscope compatible with WordPress 6.9.4?

According to WordPress.org data, Tarot and Horoscope 1.0.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Tarot and Horoscope compatible with PHP 7.0+?

Tarot and Horoscope requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tarot and Horoscope updated?

Tarot and Horoscope was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is Tarot and Horoscope's security score?

Tarot and Horoscope has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tarot and Horoscope Security Review

Safety Verdict

Is Tarot and Horoscope Safe to Use in 2026?

Generally Safe

Score 100/100

Tarot and Horoscope has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The 'tarot-and-horoscope' plugin, v1.0.4, exhibits a strong security posture based on the provided static analysis. It demonstrates excellent adherence to best practices, with all identified entry points (AJAX handlers, REST API routes, and shortcodes) appearing to be protected by authentication and authorization checks. The code also shows a commendable commitment to secure coding by using prepared statements for all SQL queries and properly escaping a vast majority of its output. The absence of any critical or high-severity taint flows further reinforces this positive assessment.

Vulnerabilities

None known

Tarot and Horoscope Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tarot and Horoscope Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

0 prepared

Unescaped Output

9

635 escaped

Nonce Checks

18

Capability Checks

5

File Operations

1

External Requests

4

Bundled Libraries

0

Output Escaping

99% escaped644 total outputs

Data Flows

All sanitized

Data Flow Analysis

12 flows

tarotxhoroscope_daily_tarot_admin_save (admin\gamestyles\dailytarot.php:180)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Tarot and Horoscope Attack Surface

Entry Points20

Unprotected0

AJAX Handlers 16

authwp_ajax_onecard_api_callapi\api-handler.php:91

noprivwp_ajax_onecard_api_callapi\api-handler.php:92

authwp_ajax_dailytarot_api_callapi\api-handler.php:93

noprivwp_ajax_dailytarot_api_callapi\api-handler.php:94

authwp_ajax_threecard_api_callapi\api-handler.php:95

noprivwp_ajax_threecard_api_callapi\api-handler.php:96

authwp_ajax_tarotxhoroscope_chat_token_api_callapi\api-handler.php:211

noprivwp_ajax_tarotxhoroscope_chat_token_api_callapi\api-handler.php:212

authwp_ajax_tarotxhoroscope_horoscopemonthly_api_callapi\api-handler.php:213

noprivwp_ajax_tarotxhoroscope_horoscopemonthly_api_callapi\api-handler.php:214

authwp_ajax_tarotxhoroscope_reset_daily_game_and_chatshortcodes\dailytarot.php:9

noprivwp_ajax_tarotxhoroscope_reset_daily_game_and_chatshortcodes\dailytarot.php:10

authwp_ajax_tarotxhoroscope_reset_onecard_game_and_chatshortcodes\onecard.php:9

noprivwp_ajax_tarotxhoroscope_reset_onecard_game_and_chatshortcodes\onecard.php:10

authwp_ajax_tarotxhoroscope_reset_threecard_game_and_chatshortcodes\threecard.php:9

noprivwp_ajax_tarotxhoroscope_reset_threecard_game_and_chatshortcodes\threecard.php:10

Shortcodes 4

[tarotxhoroscope_dailytarot] shortcodes\dailytarot.php:182

[tarotxhoroscope_monthly_horoscope] shortcodes\monthly_horoscope.php:50

[tarotxhoroscope_onecard] shortcodes\onecard.php:182

[tarotxhoroscope_threecard] shortcodes\threecard.php:188

WordPress Hooks 7

actionadmin_menutarot-and-horoscope.php:20

actionadmin_inittarot-and-horoscope.php:21

actionadmin_inittarot-and-horoscope.php:22

actionadmin_enqueue_scriptstarot-and-horoscope.php:23

actionadmin_noticestarot-and-horoscope.php:208

filterpre_update_option_tarotxhoroscope_api_keytarot-and-horoscope.php:370

filterpre_update_option_tarotxhoroscope_domaintarot-and-horoscope.php:371

Maintenance & Trust

Tarot and Horoscope Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Tarot and Horoscope Alternatives

EZ Horoscope Professional

ez-horoscope

A

100

Astrologically accurate horoscopes with cosmic insights, advice, birth charts, and AI voice agents for chatting about readings.

200 No CVEs

The Daily Horoscope

the-daily-horoscope

A

85

Add The Daily Horoscope Plugin to your widgets, posts and pages. Select your sign and read your daily horoscope.

200 No CVEs

Divine Astro

horoscope-and-tarot

A

91

Divineapi.com is a leading API platform for services like Daily Horoscope, Tarot reading, Kundali, Panchang, Natal Chart, Fortune Cookie, Coffee Cup r …

100 1 CVE

Ephemeris

ephemeris

A

85

Adds a sidebar widget that display from the astrological sky the sun sign, the moon sign and the moon phase.

90 No CVEs

Monthly Horoscopes

monthly-horoscopes

A

85

Add up to 12 months of sun sign monthly horoscopes to your sites pages and posts pages with this free and easy to install WordPress plugin.

50 No CVEs

Developer Profile

Tarot and Horoscope Developer Profile

Tarot and Horoscope

1 plugin · 40 total installs

94

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tarot and Horoscope

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tarot-and-horoscope/admin/admin-styles.css/wp-content/plugins/tarot-and-horoscope/admin/admin-scripts.js/wp-content/plugins/tarot-and-horoscope/games/images/tarotandhoroscopeplugin.png/wp-content/plugins/tarot-and-horoscope/games/images/tarotandhoroscopepluginsettings.JPG/wp-content/plugins/tarot-and-horoscope/games/images/tarotandhoroscopepluginmoresettings.JPG/wp-content/plugins/tarot-and-horoscope/games/images/tarotandhoroscopegamesettings.JPG/wp-content/plugins/tarot-and-horoscope/games/images/tarotandhoroscopemoregamesettings.JPG/wp-content/plugins/tarot-and-horoscope/games/images/tarotandhoroscopeshortcodes.JPG

Script Paths

/wp-content/plugins/tarot-and-horoscope/admin/admin-scripts.js

Version Parameters

tarot-and-horoscope/admin/admin-styles.css?ver=1.0.4tarot-and-horoscope/admin/admin-scripts.js?ver=1.0.4

HTML / DOM Fingerprints

CSS Classes

tarot-horoscope-containertarot-logoapi-key-warning

Data Attributes

data-urldata-gamedata-sitekeydata-readerdata-themedata-title+2 more

JS Globals

tarotxhoroscope_vars

REST Endpoints

/wp-json/tarotxhoroscope/v1/chat/wp-json/tarotxhoroscope/v1/horoscope

Shortcode Output

[tarotxhoroscope_onecard][tarotxhoroscope_dailytarot][tarotxhoroscope_threecard][tarotxhoroscope_monthly_horoscope]

FAQ

Tarot and Horoscope Security & Risk Analysis