Tip of the Day Security & Risk Analysis

wordpress.org/plugins/tip-of-the-day

Tip of The Day is a plugin that displays random tips, quotes, polls and similar items for your users in a widget.

10 active installs · v0.1 · PHP + · WP + · Updated Unknown
Tags: buddypress, polls, random, tip, tips
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Tip of the Day Safe to Use in 2026?

Generally Safe

Score 100/100

Tip of the Day has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The tip-of-the-day plugin, version 0.1, exhibits a concerning security posture due to a significant number of unprotected entry points. All three identified AJAX handlers lack authentication checks, creating a wide attack surface for unauthorized actions. While the plugin uses prepared statements for its SQL queries, indicating good practice in that area, the lack of any capability checks on its AJAX endpoints is a critical oversight. The presence of a dangerous `create_function` usage is also a red flag, as it can lead to code injection vulnerabilities if not handled with extreme caution. Furthermore, a low percentage of output escaping (26%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which is positive. However, this absence of historical issues should not be interpreted as a guarantee of future security, especially given the current code analysis findings. Overall, the plugin shows some positive signs like prepared SQL statements, but the substantial number of unprotected AJAX endpoints, high risk of XSS, and the use of a dangerous function overshadow these strengths, demanding immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without capability checks
  • Low percentage of output escaping
  • Dangerous function usage (create_function)
Vulnerabilities
None known

Tip of the Day Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Tip of the Day Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 35 (12 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function at includes\totd-widgets.php:76:
    add_action('widgets_init', create_function('', 'return register_widget("TOTD_Widget");'));

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

26% escaped (47 total outputs)
Attack Surface
3 unprotected

Tip of the Day Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers: 3

Type   Hook                              Location
auth   wp_ajax_totd_next_tip             includes\totd-ajax.php:35
auth   wp_ajax_totd_answer_tip_question  includes\totd-ajax.php:36
auth   wp_ajax_totd_hide_tip_forever     includes\totd-ajax.php:37
WordPress Hooks: 20

Type    Hook                         Location
action  admin_menu                   admin\totd-admin.php:228
action  admin_init                   admin\totd-admin.php:229
action  init                         admin\totd-admin.php:231
action  totd_activate                includes\totd-core.php:34
filter  totd_the_tips_query_args     includes\totd-core.php:86
filter  manage_edit-totd_columns     includes\totd-post-type.php:49
action  manage_posts_custom_column   includes\totd-post-type.php:51
action  admin_init                   includes\totd-post-type.php:52
filter  post_class                   includes\totd-post-type.php:55
filter  add_menu_classes             includes\totd-post-type.php:57
filter  pub_priv_sql_capability      includes\totd-post-type.php:58
action  totd_action_pre_add_form     includes\totd-post-type.php:61
action  wp_insert_post               includes\totd-post-type.php:63
action  init                         includes\totd-post-type.php:288
action  wp_print_styles              includes\totd-widgets.php:11
action  wp_print_styles              includes\totd-widgets.php:12
action  wp_head                      includes\totd-widgets.php:13
action  widgets_init                 includes\totd-widgets.php:76
action  bp_init                      loader.php:48
filter  plugin_action_links          loader.php:77
Maintenance & Trust

Tip of the Day Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.5
Last updated: Unknown
PHP min version:
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Tip of the Day Developer Profile

grosbouff

16 plugins · 380 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Tip of the Day

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tip-of-the-day/

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Tip of the Day