
Tickset Security & Risk Analysis
wordpress.org/plugins/tickset
Show Tickset events on your website
Is Tickset Safe to Use in 2026?
Generally Safe
Score 85/100
Tickset has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "tickset" v2.0 plugin exhibits a mixed security posture. On the positive side, it has a relatively small attack surface with no unprotected entry points identified in the static analysis. Furthermore, there is no known vulnerability history, suggesting a good track record or minimal public exposure. The presence of capability checks and the avoidance of dangerous functions are also positive indicators.
However, there are significant concerns. The most critical finding is a taint flow with unsanitized paths, although it was not flagged as critical or high severity. This indicates that malicious input could reach sensitive parts of the code without proper sanitization, which could lead to unintended behavior or vulnerabilities. Additionally, the plugin uses a raw SQL query without prepared statements. While there is only one such query, this practice is inherently risky and can be a vector for SQL injection vulnerabilities. The low percentage of properly escaped output also raises concerns about potential cross-site scripting (XSS) vulnerabilities.
Overall, while the plugin has some strengths like a controlled attack surface and no known CVEs, the identified taint flow with unsanitized paths and the use of raw SQL queries are serious weaknesses that warrant attention. The low rate of output escaping also contributes to a less secure profile. Addressing these specific code-level risks should be a priority to improve the plugin's security.
Key Concerns
- Unsanitized paths in taint flow
- SQL query not using prepared statements
- Low percentage of properly escaped output
Tickset Security Vulnerabilities
Tickset Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Tickset Attack Surface
REST API Routes 3
Shortcodes 2
WordPress Hooks 8
Maintenance & Trust
Tickset Maintenance & Trust
Maintenance Signals
Community Trust
Tickset Alternatives
WP Events Manager
wp-events-manager
The all in one Events Manager for WordPress: create and manage events, sell event tickets online easily. No Coding Required.
Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform
sugar-calendar-lite
Easily manage events and sell tickets on your WordPress site. Sugar Calendar is easy-to-use, reliable, and exceptionally powerful. See for yourself.
EventON – Events Calendar
eventon-lite
Create beautiful, responsive event calendars with unlimited events, repeating schedules, virtual support, and a sleek minimal design!
WP Events Manager WooCommerce
wp-events-manager-woocommerce-payment-methods-integration
WP Events Manager Woocommerce Plugin - Support paying for booking of WP Events Manager plugin with the payment system provided by WooCommerce.
Wild Apricot Login
wild-apricot-login
Provides single sign-on service for Wild Apricot members to provide access to restricted Wild Apricot content.
Tickset Developer Profile
6 plugins · 6K total installs
How We Detect Tickset
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/tickset/assets/one.svg
- /wp-content/plugins/tickset/assets/two.svg
- /wp-content/plugins/tickset/assets/three.svg
- /wp-content/plugins/tickset/assets/four.svg
- /wp-content/plugins/tickset/assets/screenshot-api-key.png
- /wp-content/plugins/tickset/assets/gutenberg.png
HTML / DOM Fingerprints
- tickset-onboarding-step
- tickset-button
- screenshot-wrapper
- tickset-credits
- tickset-notice
- tickset-container
- tickset-container-left
- data-v-883a194d
- window.tickset
- [tickset event_id=\"
- [tickset_list]