Does Tipi Components have any unpatched vulnerabilities?

No. All known vulnerabilities in Tipi Components have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tipi Components compatible with WordPress 4.7.32?

According to WordPress.org data, Tipi Components 1.0 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is Tipi Components updated?

Tipi Components was last updated on Feb 4, 2017. Frequent updates are generally a positive security signal.

What is Tipi Components's security score?

Tipi Components has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tipi Components Security & Risk Analysis

wordpress.org/plugins/tipi-components

Tipi Components is a lightweight plugin to add some handy extra tools to your site.

10 active installs v1.0 PHP + WP 4.0+ Updated Feb 4, 2017

dividermodern-buttonsmodern-dropcapsresponsive-columnsshortcodes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tipi Components Safe to Use in 2026?

Generally Safe

Score 85/100

Tipi Components has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The tipi-components v1.0 plugin exhibits a generally good security posture with some significant concerns. The absence of SQL queries without prepared statements and 100% proper output escaping are strong indicators of good development practices. Furthermore, the plugin has no recorded vulnerabilities, which suggests a history of stable and secure code. However, the presence of an unprotected AJAX handler is a critical risk. This entry point allows unauthenticated users to trigger potentially malicious actions or expose sensitive information, especially given the two identified taint flows with unsanitized paths. While the taint analysis did not yield critical or high severity findings, the lack of sanitization on these flows is concerning, as it could be exploited in conjunction with the unprotected AJAX handler. The plugin also lacks nonce checks on its AJAX handler, further increasing its susceptibility to Cross-Site Request Forgery (CSRF) attacks.

Key Concerns

Unprotected AJAX handler
Flows with unsanitized paths (2 flows)
AJAX handler without nonce checks

Vulnerabilities

None known

Tipi Components Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tipi Components Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

86 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped86 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

tipi_components_box (admin\class-tipi-components-button.php:93)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Tipi Components Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 1

authwp_ajax_tipi_components_buttons_insert_dialogadmin\class-tipi-components-button.php:57

Shortcodes 4

[tipi_button] inc\class-tipi-components.php:80

[tipi_divider] inc\class-tipi-components.php:81

[tipi_dropcap] inc\class-tipi-components.php:82

[tipi_column] inc\class-tipi-components.php:83

WordPress Hooks 6

filtermce_external_pluginsadmin\class-tipi-components-button.php:55

filtermce_buttonsadmin\class-tipi-components-button.php:56

actionadmin_enqueue_scriptsinc\class-tipi-components.php:62

actionadmin_initinc\class-tipi-components.php:65

actionwp_enqueue_scriptsinc\class-tipi-components.php:77

filtermce_external_languagesinc\class-tipi-components.php:95

Maintenance & Trust

Tipi Components Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedFeb 4, 2017

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Tipi Components Alternatives

Column Shortcodes

column-shortcodes

Adds shortcodes to easily create columns in your posts or pages.

60K No CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Futurio Extra

futurio-extra

Futurio Extra add extra features to Futurio theme like widgets, WooCommerce options, Elementor widgets, one click demo import and much more.

20K 7 CVEs

ND Shortcodes

nd-shortcodes

The plugin adds some useful components to your page builder ( Elementor or WP Bakery Page Builder ). All components are full responsive and retina rea …

20K 5 CVEs

Contact Form 7 Shortcode Enabler

contact-form-7-shortcode-enabler

This plugin enables the usage of external shortcodes inside Contact Form 7 Forms.

10K No CVEs

Developer Profile

Tipi Components Developer Profile

codetipi

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tipi Components

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tipi-components/assets/css/admin-style.min.css/wp-content/plugins/tipi-components/assets/fonts/style.css/wp-content/plugins/tipi-components/assets/css/style.min.css

Version Parameters

tipi-components/assets/css/admin-style.min.css?ver=tipi-components/assets/fonts/style.css?ver=tipi-components/assets/css/style.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

tipi-divider

Shortcode Output

[tipi_button][tipi_divider][tipi_dropcap][tipi_column]

FAQ