Does Tarot Online have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Tarot Online compatible with WordPress 6.7.5?

According to WordPress.org data, Tarot Online 1.5.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Tarot Online compatible with PHP 5.6.20+?

Tarot Online requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tarot Online updated?

Tarot Online was last updated on Nov 30, 2024. Frequent updates are generally a positive security signal.

What is Tarot Online's security score?

Tarot Online has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tarot Online Security & Risk Analysis

wordpress.org/plugins/tarot-online

This plugin allows you to use Tarot Online app on your WordPress website and read Tarot Online for free. Join to affiliate program and start earning m …

10 active installs v1.5.0 PHP 5.6.20+ WP 3.0+ Updated Nov 30, 2024

onlinetarottarot-cardstarot-onlinetarot-spreads

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tarot Online Safe to Use in 2026?

Generally Safe

Score 92/100

Tarot Online has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The static analysis of the "tarot-online" plugin version 1.5.0 reveals a strong adherence to secure coding practices in several key areas. The absence of dangerous functions, file operations, external HTTP requests, and the proper use of prepared statements for all SQL queries are significant strengths. Furthermore, all detected outputs are properly escaped, and there's no evidence of critical or high-severity taint flows. The plugin also exhibits a remarkably small attack surface, with no unprotected entry points identified.

However, the analysis does raise some concerns. The complete lack of nonce checks and capability checks across all entry points is a significant vulnerability. While the current attack surface is small (limited to one shortcode), any future expansion or modification without implementing proper authorization mechanisms could expose the plugin to serious security risks. The vulnerability history shows no prior issues, which is positive, but it doesn't negate the immediate risks present in the current code. Overall, the plugin demonstrates good foundational security but has critical gaps in user authorization that need immediate attention.

Key Concerns

Missing nonce checks on all entry points
Missing capability checks on all entry points

Vulnerabilities

None known

Tarot Online Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Tarot Online Release Timeline

v1.5.0Current

v1.4.0

v1.3.3

v1.3.2

v1.3.1

v1.3

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Tarot Online Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Tarot Online Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[tarot-online] tarot-online.php:253

WordPress Hooks 4

actionwp_headtarot-online.php:13

actionwp_headtarot-online.php:205

actionwp_enqueue_scriptstarot-online.php:213

filterscript_loader_tagtarot-online.php:224

Maintenance & Trust

Tarot Online Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 30, 2024

PHP min version5.6.20

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Tarot Online Alternatives

Tarot, Oracle cards, Tarot readings, Tarokina

tarokina-free

100

The best tarot plugin for wordpress. Intuitive and easy to use. Provides accurate tarot readings.

300 No CVEs

Daily Tarot

daily-tarot

100

Daily Tarot helps you publish, schedule, and share tarot readings on WordPress - perfect for creating a consistent Card of the Day experience.

0 No CVEs

WooCommerce

woocommerce

Everything you need to launch an online store in days and keep it growing for years. From your first sale to millions in revenue, Woo is with you.

7.0M 43 CVEs

SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments

surecart

Make ecommerce easy with a simple-to-use, all-in-one platform that anyone can set up in just a few minutes!

90K 3 CVEs

Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker

quiz-master-next

Create quizzes, surveys, and tests easily on WordPress with this versatile plugin. Perfect for engaging any audience and gathering valuable insights!

40K 62 CVEs

Developer Profile

Tarot Online Developer Profile

Sirius Pro

12 plugins · 1K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tarot Online

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/tarot-online/app.js

HTML / DOM Fingerprints

CSS Classes

tarot-onlinetarot-online-bg-campaign.webptarot-online-logo.webpbackgroundoverlaycampaignboxlogo+2 more

Data Attributes

onpaste="return false;"

Shortcode Output

<img width="2000" height="200" loading="eager" class="background" title="Tarot Online" alt="Tarot Online" src="https://cdn.apitarot.com/public/img/tarot-online-bg-campaign.webp"/>

<div class="overlay"></div><div class="campaign"><div class="box">

FAQ