Does Tooltipster have any unpatched vulnerabilities?

No. All known vulnerabilities in Tooltipster have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tooltipster compatible with WordPress 4.0.38?

According to WordPress.org data, Tooltipster 1.2 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Tooltipster updated?

Tooltipster was last updated on Dec 3, 2014. Frequent updates are generally a positive security signal.

What is Tooltipster's security score?

Tooltipster has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tooltipster Security & Risk Analysis

wordpress.org/plugins/tooltipster

Tooltipster is a jquery tooltip plugin. you can use it very easy . you can add custom image , text , title.

100 active installs v1.2 PHP + WP 3.0+ Updated Dec 3, 2014

content-tooltipimage-tooltipjquery-tooltip-wordpress-plugintooltipwordpress-tooltip-plugin

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tooltipster Safe to Use in 2026?

Generally Safe

Score 85/100

Tooltipster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The plugin "tooltipster" v1.2 exhibits a generally strong security posture based on the provided static analysis. There are no identified critical or high severity vulnerabilities in the code signals or taint analysis. The complete absence of SQL queries without prepared statements and no file operations or external HTTP requests are positive indicators of secure coding practices. Furthermore, the plugin has no recorded vulnerability history, which suggests a mature and stable codebase.

However, several areas raise significant concerns. The most notable is that 100% of the 7 output operations are not properly escaped. This represents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected through user-supplied data displayed by the plugin. The absence of nonce checks and capability checks on the single shortcode, while not directly flagged as a vulnerability in the static analysis, opens the door for potential privilege escalation or unauthorized execution if the shortcode's functionality were to be exploited.

In conclusion, while "tooltipster" v1.2 benefits from a lack of known vulnerabilities and secure handling of sensitive operations like database queries, the widespread lack of output escaping is a critical weakness that needs immediate attention. The minimal attack surface (one shortcode) is a mitigating factor, but the unescaped outputs create a substantial risk that outweighs the plugin's otherwise clean history and secure core functionalities.

Key Concerns

All output operations are unescaped
Shortcode lacks nonce checks
Shortcode lacks capability checks

Vulnerabilities

None known

Tooltipster Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tooltipster Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped7 total outputs

Attack Surface

Tooltipster Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[tooltip] tooltipster.php:55

WordPress Hooks 1

actionwp_enqueue_scriptstooltipster.php:64

Maintenance & Trust

Tooltipster Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedDec 3, 2014

PHP min version

Downloads4K

Community Trust

Rating80/100

Number of ratings2

Active installs100

Alternatives

Tooltipster Alternatives

MapTip

maptip

MapTip is a jquery tooltip plugin. It is used to display map of a city or place, when mouse is hovered over the city name. It very easy to use.

10 No CVEs

Gravity Booster – Styles & Layouts for Gravity Forms

styles-and-layouts-for-gravity-forms

100

Gravity Booster - Styles and Layouts for Gravity Forms plugin lets you design and style Gravity Forms without CSS coding. You can also use it for addi …

40K No CVEs

Easy Footnotes

easy-footnotes

100

Easy Footnotes lets you quickly and easily add footnotes throughout your WordPress posts using a simple shortcode in the text editor.

8K No CVEs

CM Tooltip Glossary

enhanced-tooltipglossary

Transform jargon into engaging content that boosts SEO, drives engagement, improves conversions, with automatic links and tooltips.

8K 7 CVEs

Tooltips for WordPress

wordpress-tooltips

Add custom tooltip automatically for post's content/title/tag/excerpt/gallery/menu, easily add image / video / audio / social/link tooltips

5K 1 unpatched

Developer Profile

Tooltipster Developer Profile

Md Rukon Shekh

2 plugins · 110 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tooltipster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tooltipster/css/tooltipster.css/wp-content/plugins/tooltipster/js/jquery.tooltipster.min.js/wp-content/plugins/tooltipster/js/tooltipster_active.js

HTML / DOM Fingerprints

CSS Classes

tooltipstertooltipster_content

Data Attributes

data-tooltipster-contentdata-tooltipster-animationdata-tooltipster-positiondata-tooltipster-themedata-tooltipster-triggerdata-tooltipster-speed+2 more

JS Globals

tooltipster_active

Shortcode Output

<div class="tooltipster"<span class="tooltipster_content"><img src="<strong><b>

FAQ