Tipster TAP Security & Risk Analysis

wordpress.org/plugins/tipster-tap

Manage tipsters and picks.

20 active installs · v4.2.2 · PHP + WP 5.5+ · Updated Nov 25, 2021
picks · tipster
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Tipster TAP Safe to Use in 2026?

Generally Safe

Score 85/100

Tipster TAP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The plugin 'tipster-tap' v4.2.2 presents a mixed security posture. On the positive side, it shows strong adherence to secure coding practices, with a very high percentage of SQL queries using prepared statements and no identified dangerous functions, file operations, or external HTTP requests. The absence of any historical vulnerabilities, critical taint flows, or unpatched CVEs further suggests a history of responsible development. However, a significant concern lies in its attack surface. Of its two entry points, one (an AJAX handler) lacks authentication checks, which gives a direct pathway for potential unauthorized actions if it is not properly secured at the application level. Furthermore, the low percentage of properly escaped output (27%) indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data could be rendered directly in the browser without proper escaping.

Key Concerns

  • AJAX handler without authentication
  • Low percentage of properly escaped output
  • Bundled outdated library (DataTables v1.10.16)
Vulnerabilities
None known

Tipster TAP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Tipster TAP Release Timeline

v4.2.1
v4.2.0
Code Analysis
Analyzed Mar 16, 2026

Tipster TAP Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (32 prepared)
Unescaped Output: 56 (21 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

DataTables 1.10.16

SQL Query Safety

97% prepared · 33 total queries

Output Escaping

27% escaped · 77 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flow
<manage-tipsters> (admin\views\manage-tipsters.php:0)
Attack Surface
1 unprotected

Tipster TAP Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_manage_wp_posts_pick_using_bulk_quick_save_bulk_edit · admin\class-tipster-tap-admin.php:86

REST API Routes 1

GET · /wp-json/tipster-tap/v4/picks/(?P<tipster>\d+)/(?P<yearmonth>\d{4}-\d{2}) · includes\TipsterTapREST.php:53
WordPress Hooks 45
action · admin_enqueue_scripts · admin\class-tipster-tap-admin.php:70
action · admin_enqueue_scripts · admin\class-tipster-tap-admin.php:71
action · admin_menu · admin\class-tipster-tap-admin.php:74
filter · manage_edit-post_sortable_columns · admin\class-tipster-tap-admin.php:80
action · manage_posts_custom_column · admin\class-tipster-tap-admin.php:81
action · pre_get_posts · admin\class-tipster-tap-admin.php:82
action · bulk_edit_custom_box · admin\class-tipster-tap-admin.php:83
action · quick_edit_custom_box · admin\class-tipster-tap-admin.php:84
action · admin_print_scripts-edit.php · admin\class-tipster-tap-admin.php:85
action · save_post · admin\class-tipster-tap-admin.php:87
action · wp_insert_post · admin\class-tipster-tap-admin.php:88
action · before_delete_post · admin\class-tipster-tap-admin.php:90
action · admin_notices · admin\class-tipster-tap-admin.php:97
filter · tipster_tap_update_statistics · admin\class-tipster-tap-admin.php:100
action · tipster_tap_update_statistics_by_month · admin\class-tipster-tap-admin.php:101
action · tipster_tap_update_yield_history · admin\class-tipster-tap-admin.php:102
action · tipster_tap_update_graphic_statistics · admin\class-tipster-tap-admin.php:103
action · tipster_tap_execute_pick_migration · admin\class-tipster-tap-admin.php:105
action · tipster_tap_update_tipster_metas · admin\class-tipster-tap-admin.php:106
action · tipster_tap_update_tipster_metas · admin\class-tipster-tap-admin.php:107
action · admin_head · admin\class-tipster-tap-admin.php:154
action · cmb2_admin_init · admin\includes\meta-boxes.php:35
action · cmb2_admin_init · admin\includes\meta-boxes.php:36
action · admin_enqueue_scripts · admin\includes\meta-boxes.php:37
action · init · admin\includes\post-type-pick.php:47
action · init · admin\includes\post-type-pick.php:48
filter · post_updated_messages · admin\includes\post-type-pick.php:51
action · init · includes\post-type-tipster.php:29
action · init · includes\post-type-tipster.php:30
filter · post_updated_messages · includes\post-type-tipster.php:33
action · rest_api_init · includes\TipsterTapREST.php:15
action · init · public\class-tipster-tap.php:73
action · customize_register · public\class-tipster-tap.php:75
action · wpmu_new_blog · public\class-tipster-tap.php:78
action · wp · public\class-tipster-tap.php:91
action · tipster_tap_hourly_remote_sync · public\class-tipster-tap.php:92
filter · tipster_tap_get_tipster_picks · public\class-tipster-tap.php:97
filter · tipster_tap_get_picks · public\class-tipster-tap.php:99
action · tipster_tap_get_total_picks · public\class-tipster-tap.php:100
filter · tipster_tap_default_avatar · public\class-tipster-tap.php:102
action · plugins_loaded · tipster-tap.php:56
action · plugins_loaded · tipster-tap.php:77
action · plugins_loaded · tipster-tap.php:81
action · plugins_loaded · tipster-tap.php:87
action · plugins_loaded · tipster-tap.php:92

Scheduled Events 1

tipster_tap_hourly_remote_sync
Maintenance & Trust

Tipster TAP Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Nov 25, 2021
PHP min version
Downloads: 9K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Tipster TAP Developer Profile

todoapuestas

5 plugins · 80 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Tipster TAP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tipster-tap/public/css/tipster-tap.css
/wp-content/plugins/tipster-tap/public/js/tipster-tap.js
Script Paths
/wp-content/plugins/tipster-tap/public/js/tipster-tap.js
Version Parameters
tipster-tap.css?ver=
tipster-tap.js?ver=

HTML / DOM Fingerprints

CSS Classes
tipster-tap-container
tipster-tap-pick-results
HTML Comments
<!-- tipster-tap -->
<!-- end tipster-tap -->
Data Attributes
data-tipster-tap-id
data-tipster-tap-slug
JS Globals
tipsterTapFrontend
tipsterTapAdmin
REST Endpoints
/wp-json/tipster-tap/v1/picks
/wp-json/tipster-tap/v1/tipsters
Shortcode Output
[tipster_tap_picks]
[tipster_tap_single_pick]
[tipster_tap_tipsters]
FAQ

Frequently Asked Questions about Tipster TAP