WP-Safety

Ticktify Security & Risk Analysis

wordpress.org/plugins/ticktify

Ticktify Events and Ticket Booking including register events, locations/venue, Google map integration, booking management and stipe payment

0 active installs v1.0.3 PHP 7.2+ WP 5.5+ Updated Feb 4, 2026
bookingseventscheduleticketvenue
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Ticktify Safe to Use in 2026?

Generally Safe

Score 100/100

Ticktify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "ticktify" v1.0.3 plugin presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped outputs and a significant number of nonce checks. The absence of any recorded vulnerabilities or CVEs in its history is a strong indicator of historical stability and developer diligence. Furthermore, the taint analysis revealing no unsanitized paths is excellent, suggesting that user-supplied data is not being directly used in a dangerous way that could lead to code injection or similar critical flaws.

However, there are notable areas of concern. The presence of four AJAX handlers without authentication checks represents a significant attack surface that could be exploited by unauthenticated users. The use of the `unserialize` function, while not inherently a vulnerability, is a known dangerous function that can lead to serious security issues if the serialized data is not properly controlled or validated. Additionally, the SQL query preparation rate, while not critically low, could be improved. The lack of recorded vulnerabilities is positive, but it doesn't negate the risks identified in the static analysis, especially the unprotected AJAX endpoints and the use of `unserialize`.

In conclusion, while "ticktify" v1.0.3 has a strong foundation in terms of output escaping and historical vulnerability absence, the identified static analysis risks, particularly the unprotected AJAX handlers and the use of `unserialize`, require immediate attention. Addressing these specific issues would significantly strengthen the plugin's security posture and mitigate potential attack vectors.

Key Concerns

  • AJAX handlers without auth checks
  • Use of dangerous function: unserialize
  • SQL queries not always prepared
Vulnerabilities
None known

Ticktify Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Ticktify Release Timeline

v1.0.3Current
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Ticktify Code Analysis

Dangerous Functions
4
Raw SQL Queries
9
8 prepared
Unescaped Output
46
1160 escaped
Nonce Checks
15
Capability Checks
3
File Operations
1
External Requests
0
Bundled Libraries
2

Dangerous Functions Found

unserialize$event_occuring_date = unserialize($event_date);ui-front\events-list.php:34
unserialize$event_occuring_time = unserialize($event_time);ui-front\events-list.php:41
unserialize$date = unserialize($date);ui-front\single-event.php:86
unserialize$time = unserialize($time);ui-front\single-event.php:97

Bundled Libraries

DataTablesStripe PHP

SQL Query Safety

47% prepared17 total queries

Output Escaping

96% escaped1206 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

6 flows
ticktify_save_cancellation_settings (includes\class-admin.php:178)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Ticktify Attack Surface

Entry Points22
Unprotected4

AJAX Handlers 12

noprivwp_ajax_ticktify_update_booking_statusincludes\class-booking.php:24
authwp_ajax_ticktify_update_booking_statusincludes\class-booking.php:25
noprivwp_ajax_ticktify_remove_cartincludes\class-cart.php:19
authwp_ajax_ticktify_remove_cartincludes\class-cart.php:20
noprivwp_ajax_attendees_modelincludes\class-cart.php:27
authwp_ajax_attendees_modelincludes\class-cart.php:28
noprivwp_ajax_attendees_postincludes\class-cart.php:29
authwp_ajax_attendees_postincludes\class-cart.php:30
noprivwp_ajax_ticktify_booked_free_eventincludes\class-checkout.php:19
authwp_ajax_ticktify_booked_free_eventincludes\class-checkout.php:20
noprivwp_ajax_stripe_paymentincludes\payment\stripe\class-payment-init.php:21
authwp_ajax_stripe_paymentincludes\payment\stripe\class-payment-init.php:22

Shortcodes 10

[events-list] includes\class-event.php:23
[ticktify_login] includes\ec-shortcodes.php:29
[ticktify_lostpassword] includes\ec-shortcodes.php:45
[ticktify_resetpassword] includes\ec-shortcodes.php:61
[ticktify_register] includes\ec-shortcodes.php:76
[ticktify_profile] includes\ec-shortcodes.php:92
[ticktify_cart] includes\ec-shortcodes.php:107
[ticktify_checkout] includes\ec-shortcodes.php:122
[ticktify_thankyou] includes\ec-shortcodes.php:137
[arttime] includes\ec-shortcodes.php:146
WordPress Hooks 66
actionadmin_menuincludes\class-admin.php:31
actionadmin_post_nopriv_ticktify_action_emailincludes\class-admin.php:32
actionadmin_post_save_event_settingsincludes\class-admin.php:35
actionadmin_post_save_pagination_settingsincludes\class-admin.php:38
actionadmin_post_save_payments_settingsincludes\class-admin.php:39
actionadmin_post_save_cancellation_settingsincludes\class-admin.php:40
actionshow_user_profileincludes\class-admin.php:43
actionedit_user_profileincludes\class-admin.php:44
actionpersonal_options_updateincludes\class-admin.php:47
actionedit_user_profile_updateincludes\class-admin.php:48
actioninitincludes\class-artist.php:18
actionadmin_enqueue_scriptsincludes\class-artist.php:24
actionadmin_footerincludes\class-artist.php:25
actionadmin_post_ticktify_action_loginincludes\class-auth.php:23
actionadmin_post_nopriv_ticktify_action_loginincludes\class-auth.php:24
actionadmin_post_ticktify_action_lostpasswordincludes\class-auth.php:25
actionadmin_post_nopriv_ticktify_action_lostpasswordincludes\class-auth.php:26
actionadmin_post_ticktify_action_resetpasswordincludes\class-auth.php:27
actionadmin_post_nopriv_ticktify_action_resetpasswordincludes\class-auth.php:28
actionadmin_post_ticktify_action_registerincludes\class-auth.php:29
actionadmin_post_nopriv_ticktify_action_registerincludes\class-auth.php:30
filterlostpassword_urlincludes\class-auth.php:31
actionwp_logoutincludes\class-auth.php:32
actioninitincludes\class-booking.php:18
actionadd_meta_boxesincludes\class-booking.php:19
filterpost_row_actionsincludes\class-booking.php:20
actionadmin_post_nopriv_ticktify_update_Cartincludes\class-cart.php:21
actionadmin_post_ticktify_update_Cartincludes\class-cart.php:22
actionadmin_post_nopriv_ticktify_action_checkout_callbackincludes\class-cart.php:23
actionadmin_post_ticktify_action_checkout_callbackincludes\class-cart.php:24
actionadmin_post_nopriv_ticktify_add_to_cartincludes\class-cart.php:25
actionadmin_post_ticktify_add_to_cartincludes\class-cart.php:26
actionadmin_menuincludes\class-download-payments.php:18
actionticktify_after_booking_event_cancelincludes\class-email.php:20
actionticktify_after_booking_successincludes\class-email.php:21
actionticktify_after_registeration_successfullyincludes\class-email.php:22
actioninitincludes\class-event.php:18
actionadd_meta_boxesincludes\class-event.php:19
actionadmin_enqueue_scriptsincludes\class-event.php:21
actionwp_enqueue_scriptsincludes\class-event.php:22
filtertemplate_includeincludes\class-event.php:24
filterpost_row_actionsincludes\class-event.php:25
actionadmin_headincludes\class-event.php:26
actionadd_meta_boxesincludes\class-event.php:27
filtermanage_edit-ticktify_venue_columnsincludes\class-event.php:28
filtermanage_edit-ticktify_organizer_columnsincludes\class-event.php:29
filtermanage_edit-ticktify_artist_columnsincludes\class-event.php:30
filtermanage_edit-ticktify_sponsors_columnsincludes\class-event.php:31
actioninitincludes\class-organizer.php:18
actionticktify_profile_tab_contentincludes\class-profile.php:19
actionticktify_profile_tab_content_dashboard_endpointincludes\class-profile.php:21
actionticktify_profile_tab_content_account_details_endpointincludes\class-profile.php:22
actionticktify_profile_tab_content_bookings_endpointincludes\class-profile.php:23
actionadmin_post_nopriv_ticktify_save_account_detailsincludes\class-profile.php:25
actionadmin_post_ticktify_save_account_detailsincludes\class-profile.php:26
actioninitincludes\class-sponsors.php:18
actionadmin_footerincludes\class-sponsors.php:24
actionadmin_enqueue_scriptsincludes\class-sponsors.php:25
actioninitincludes\class-venue.php:18
actionticktify_cart_activatesticktify.php:98
actionticktify_transactions_activatesticktify.php:130
actionticktify_create_pagesticktify.php:251
actionticktify_set_default_settingsticktify.php:277
actionticktify_pagination_registration_default_settingticktify.php:306
actionticktify_cancellation_default_settingsticktify.php:324
actionticktify_notification_default_settingsticktify.php:412
Maintenance & Trust

Ticktify Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 4, 2026
PHP min version7.2
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Ticktify Alternatives

Events Manager – Calendar, Bookings, Tickets, and more!

Events Manager – Calendar, Bookings, Tickets, and more!

events-manager

B
82

Events calendar with bookings, scheduling, appointments, event registration, tickets, recurring events, and venue management.

70K 34 CVEs
Event Tickets Manager for WooCommerce

Event Tickets Manager for WooCommerce

event-tickets-manager-for-woocommerce

A
99

Use this powerful WordPress event plugin to create and sell events, manage tickets, check-ins, recurring schedules, venues, and attendee details with …

1K 1 CVE
Events Manager – Move Bookings

Events Manager – Move Bookings

stonehenge-em-move-bookings

A
85

Moves an upcoming Booking to different upcoming Event in Events Manager with a simple select dropdown.

60 No CVEs
Event RSVP and Simple Event Management Plugin

Event RSVP and Simple Event Management Plugin

wp-easy-events

A
98

Event management, RSVP and event tickets system with event calendar, event venues with maps and event organizers.

30 2 CVEs
myCred for Events Manager Pro

myCred for Events Manager Pro

mycred-for-events-manager-pro

A
92

📢🚨 Important Notice: myCred for Events Manager Pro is now part of the myCred Toolkit and will no longer receive updates here.

10 No CVEs
Developer Profile

Ticktify Developer Profile

teamzt

3 plugins · 20 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Ticktify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ticktify/assets/css/ticktify.css/wp-content/plugins/ticktify/assets/css/ticktify-responsive.css/wp-content/plugins/ticktify/assets/js/ticktify.js
Script Paths
/wp-content/plugins/ticktify/assets/js/ticktify.js
Version Parameters
ticktify/assets/css/ticktify.css?ver=ticktify/assets/css/ticktify-responsive.css?ver=ticktify/assets/js/ticktify.js?ver=

HTML / DOM Fingerprints

CSS Classes
ticktify_login_formticktify_register_formticktify_lostpassword_formticktify_resetpassword_formticktify_event_booking_formticktify_event_listingticktify-profile-page
Data Attributes
data-ticktify-event-iddata-ticktify-pricedata-ticktify-quantity
JS Globals
ticktify_ajax_object
Shortcode Output
[ticktify_login][ticktify_lostpassword][ticktify_resetpassword][ticktify_register]
FAQ

Frequently Asked Questions about Ticktify