TooltipGlossary Security & Risk Analysis

wordpress.org/plugins/tooltipglossary

Parses posts for defined glossary terms and adds links to the static glossary page containing the definition and a tooltip with the definition.

30 active installs v1.2 PHP + WP 3.0+ Updated Jun 23, 2010
definitions, glossary, pages, posts, tooltip
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TooltipGlossary Safe to Use in 2026?

Generally Safe

Score 85/100

TooltipGlossary has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The tooltipglossary v1.2 plugin exhibits a mixed security posture. On one hand, the absence of known vulnerabilities and CVEs, along with the lack of dangerous functions and file operations, suggests a generally well-maintained and less actively exploited codebase. The plugin also correctly utilizes prepared statements for its SQL queries, which is a strong security practice. However, a significant concern arises from the static analysis, specifically the output escaping. With 100% of its outputs being unescaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Even though the taint analysis shows no critical or high severity flows, the potential for XSS due to unescaped output is a serious flaw that could be exploited if user-controlled data is ever reflected directly in the output without sanitization. The plugin's attack surface is currently zero, which is excellent, but the unescaped output remains a critical weakness that overshadows the other positive findings.

Key Concerns

  • All outputs are unescaped
Vulnerabilities
None known

TooltipGlossary Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TooltipGlossary Release Timeline

v1.3
v1.2 (Current)
v1.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

TooltipGlossary Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 2 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
glossary_options (glossary.php:157)
Attack Surface

TooltipGlossary Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
action: init (glossary.php:52)
action: wp_print_scripts (glossary.php:61)
action: wp_print_styles (glossary.php:67)
filter: the_content (glossary.php:111)
filter: the_content (glossary.php:147)
action: admin_menu (glossary.php:151)
Maintenance & Trust

TooltipGlossary Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.5
Last updated: Jun 23, 2010
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

TooltipGlossary Developer Profile

jatls

1 plugin · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TooltipGlossary

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tooltipglossary/tooltip.js
/wp-content/plugins/tooltipglossary/tooltip.css
Script Paths
tooltip.js

HTML / DOM Fingerprints

CSS Classes
glossaryLink
glossaryLinkMain
Data Attributes
onmouseover
onmouseout
JS Globals
tooltip
FAQ

Frequently Asked Questions about TooltipGlossary