WP-Safety

TP Education Security & Risk Analysis

wordpress.org/plugins/tp-education

Enhance your educational sites more efficiently. Allow user to utilize post types and meta data on your site with TP Education.

900 active installs v4.6 PHP 5.6+ WP 4.7+ Updated May 29, 2025
custom-post-typeeducationmeta-data
100
A · Safe
CVEs total1
Unpatched0
Last CVEMay 3, 2023
Plugin page Download
Safety Verdict

Is TP Education Safe to Use in 2026?

Generally Safe

Score 100/100

TP Education has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 3, 2023Updated 10mo ago
Risk Assessment

The "tp-education" v4.6 plugin exhibits a generally good security posture with several positive indicators. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are commendable. The plugin also demonstrates a strong adherence to security best practices with a high percentage of properly escaped output and the presence of nonce checks for all identified entry points. Taint analysis revealed no critical or high severity vulnerabilities, suggesting no immediate risks from unsanitized data flows within the analyzed code.

However, a significant concern is the complete lack of capability checks on any of its entry points, including AJAX handlers and shortcodes. This indicates a potential for privilege escalation or unauthorized actions if malicious actors can trigger these functions without proper authentication or authorization. While the plugin has a history of one medium severity vulnerability related to Cross-site Scripting, the fact that it is currently unpatched is a notable weakness, as this could leave sites vulnerable to exploitation. The overall risk is moderate; while the code itself appears robust against common vulnerabilities like SQL injection and XSS (due to output escaping and lack of raw SQL), the absence of capability checks presents a significant potential security gap.

Key Concerns

  • No capability checks on entry points
  • One medium severity unpatched CVE
Vulnerabilities
1

TP Education Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-32103medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

TP Education <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes

May 3, 2023 Patched in 4.5 (265d)
Code Analysis
Analyzed Mar 16, 2026

TP Education Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
58
272 escaped
Nonce Checks
10
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

82% escaped330 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
tp_education_like (tp-metabox\class-tp-like-metabox.php:25)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

TP Education Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 2

authwp_ajax_tp_education_liketp-metabox\class-tp-like-metabox.php:20
noprivwp_ajax_tp_education_liketp-metabox\class-tp-like-metabox.php:21

Shortcodes 8

[TP_EDUCATION_CLASS] includes\tp-education-shortcode.php:441
[TP_EDUCATION_EVENT] includes\tp-education-shortcode.php:442
[TP_EDUCATION_COURSE] includes\tp-education-shortcode.php:443
[TP_EDUCATION_TEAM] includes\tp-education-shortcode.php:444
[TP_EDUCATION_EXCURSION] includes\tp-education-shortcode.php:445
[TP_EDUCATION_AFFILIATION] includes\tp-education-shortcode.php:446
[TP_EDUCATION_TESTIMONIAL] includes\tp-education-shortcode.php:447
[TP_EDUCATION_SEARCH_TAB] includes\tp-education-shortcode.php:448
WordPress Hooks 90
actiontp_event_date_actionincludes\tp-education-hooks.php:16
actiontp_event_start_time_actionincludes\tp-education-hooks.php:17
actiontp_event_end_time_actionincludes\tp-education-hooks.php:18
actiontp_event_location_actionincludes\tp-education-hooks.php:19
actiontp_class_cost_actionincludes\tp-education-hooks.php:24
actiontp_class_period_actionincludes\tp-education-hooks.php:25
actiontp_class_size_actionincludes\tp-education-hooks.php:26
actiontp_class_age_group_actionincludes\tp-education-hooks.php:27
actiontp_excursion_start_date_actionincludes\tp-education-hooks.php:32
actiontp_excursion_end_date_actionincludes\tp-education-hooks.php:33
actiontp_excursion_location_actionincludes\tp-education-hooks.php:34
actiontp_team_designation_actionincludes\tp-education-hooks.php:39
actiontp_team_email_actionincludes\tp-education-hooks.php:40
actiontp_team_phone_actionincludes\tp-education-hooks.php:41
actiontp_team_skype_actionincludes\tp-education-hooks.php:42
actiontp_team_website_actionincludes\tp-education-hooks.php:43
actiontp_team_courses_actionincludes\tp-education-hooks.php:44
actiontp_team_social_actionincludes\tp-education-hooks.php:45
actiontp_testimonial_rating_actionincludes\tp-education-hooks.php:50
actiontp_testimonial_designation_actionincludes\tp-education-hooks.php:51
actiontp_testimonial_social_actionincludes\tp-education-hooks.php:52
actiontp_course_type_actionincludes\tp-education-hooks.php:57
actiontp_course_duration_actionincludes\tp-education-hooks.php:58
actiontp_course_price_actionincludes\tp-education-hooks.php:59
actiontp_course_students_actionincludes\tp-education-hooks.php:60
actiontp_course_language_actionincludes\tp-education-hooks.php:61
actiontp_course_assessment_actionincludes\tp-education-hooks.php:62
actiontp_course_skills_actionincludes\tp-education-hooks.php:63
actiontp_course_professor_actionincludes\tp-education-hooks.php:64
actiontp_course_counselors_actionincludes\tp-education-hooks.php:65
actiontp_affiliation_link_actionincludes\tp-education-hooks.php:70
actiontp_education_posted_on_actionincludes\tp-education-hooks.php:75
actiongenerate_rewrite_rulesincludes\tp-education-rewrite.php:19
actiongenerate_rewrite_rulesincludes\tp-education-rewrite.php:22
actiongenerate_rewrite_rulesincludes\tp-education-rewrite.php:25
actiongenerate_rewrite_rulesincludes\tp-education-rewrite.php:28
actiongenerate_rewrite_rulesincludes\tp-education-rewrite.php:32
actiongenerate_rewrite_rulesincludes\tp-education-rewrite.php:35
actiongenerate_rewrite_rulesincludes\tp-education-rewrite.php:38
actionadmin_menuincludes\tp-education-setting-page.php:28
actionadmin_initincludes\tp-education-setting-page.php:29
actiontp_education_archive_affiliation_content_actiontemplate-parts\tp-content-affiliation.php:61
actiontp_education_archive_class_content_actiontemplate-parts\tp-content-class.php:9
actiontp_education_archive_course_content_actiontemplate-parts\tp-content-course.php:67
actiontp_education_archive_event_content_actiontemplate-parts\tp-content-event.php:67
actiontp_education_archive_excursion_content_actiontemplate-parts\tp-content-excursion.php:67
actiontp_education_search_content_actiontemplate-parts\tp-content-search.php:9
actiontp_education_single_content_actiontemplate-parts\tp-content-single.php:222
actiontp_education_archive_team_content_actiontemplate-parts\tp-content-team.php:61
actiontp_education_archive_testimonial_content_actiontemplate-parts\tp-content-testimonial.php:9
actiontp_education_related_posts_content_actiontemplate-parts\tp-related-posts.php:153
actiontp_education_search_affiliation_form_actiontemplate-parts\tp-search-tab-affiliation-form.php:43
actiontp_education_search_class_form_actiontemplate-parts\tp-search-tab-class-form.php:43
actiontp_education_search_course_form_actiontemplate-parts\tp-search-tab-course-form.php:43
actiontp_education_search_event_form_actiontemplate-parts\tp-search-tab-event-form.php:44
actiontp_education_search_excursion_form_actiontemplate-parts\tp-search-tab-excursion-form.php:44
actiontp_education_search_team_form_actiontemplate-parts\tp-search-tab-team-form.php:43
actioninittp-education.php:59
actionwidgets_inittp-education.php:265
actionwp_enqueue_scriptstp-education.php:268
actionadmin_enqueue_scriptstp-education.php:271
filtertemplate_includetp-education.php:274
filtertemplate_includetp-education.php:277
filterpre_get_poststp-education.php:280
actionadd_meta_boxestp-metabox\class-tp-affiliation-metabox.php:20
actionsave_posttp-metabox\class-tp-affiliation-metabox.php:21
actionadd_meta_boxestp-metabox\class-tp-classes-metabox.php:20
actionsave_posttp-metabox\class-tp-classes-metabox.php:21
actionadd_meta_boxestp-metabox\class-tp-course-metabox.php:20
actionsave_posttp-metabox\class-tp-course-metabox.php:21
actionadd_meta_boxestp-metabox\class-tp-events-metabox.php:20
actionsave_posttp-metabox\class-tp-events-metabox.php:21
actionadd_meta_boxestp-metabox\class-tp-excursion-metabox.php:20
actionsave_posttp-metabox\class-tp-excursion-metabox.php:21
actionwp_enqueue_scriptstp-metabox\class-tp-like-metabox.php:22
actionadd_meta_boxestp-metabox\class-tp-team-metabox.php:20
actionsave_posttp-metabox\class-tp-team-metabox.php:21
actionadd_meta_boxestp-metabox\class-tp-team-social-metabox.php:20
actionsave_posttp-metabox\class-tp-team-social-metabox.php:21
actionadd_meta_boxestp-metabox\class-tp-testimonial-metabox.php:20
actionsave_posttp-metabox\class-tp-testimonial-metabox.php:21
actionadd_meta_boxestp-metabox\class-tp-testimonial-social-metabox.php:20
actionsave_posttp-metabox\class-tp-testimonial-social-metabox.php:21
actioninittp-post-type\class-tp-affiliation.php:20
actioninittp-post-type\class-tp-classes.php:20
actioninittp-post-type\class-tp-courses.php:20
actioninittp-post-type\class-tp-events.php:21
actioninittp-post-type\class-tp-excursions.php:20
actioninittp-post-type\class-tp-team.php:20
actioninittp-post-type\class-tp-testimonial.php:20
Maintenance & Trust

TP Education Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 29, 2025
PHP min version5.6
Downloads57K

Community Trust

Rating100/100
Number of ratings3
Active installs900
Alternatives

TP Education Alternatives

Education Connect

Education Connect

education-connect

A
85

An essential plugin to increase optimal use of any educational themes.

90 No CVEs
Debug Meta Data

Debug Meta Data

debug-meta-data

B
79

Creates a meta-box with meta-data information of a post for all post types. Information with meta key, meta value and its var_dump

40 1 unpatched
TP Travel Package

TP Travel Package

tp-travel-package

A
85

Enhance your travel sites more efficiently. Allow user to utilize post types and meta data on your site with TP Travel Package.

10 No CVEs
Custom Post Type UI

Custom Post Type UI

custom-post-type-ui

A
93

Admin UI for creating custom content types like post types and taxonomies

1.0M 4 CVEs
Meta Box

Meta Box

meta-box

A
89

Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for your custom post types in WordPress.

500K 6 CVEs
Developer Profile

TP Education Developer Profile

themepalace

148 plugins · 15K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
265 days
View full developer profile
Detection Fingerprints

How We Detect TP Education

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tp-education/tp-assets/css/tp-education-theme.css/wp-content/plugins/tp-education/tp-assets/js/tp-education-scripts.js/wp-content/plugins/tp-education/tp-assets/js/tp-education-custom.js
Script Paths
/wp-content/plugins/tp-education/tp-assets/js/tp-education-scripts.js/wp-content/plugins/tp-education/tp-assets/js/tp-education-custom.js
Version Parameters
tp-education/tp-assets/css/tp-education-theme.css?ver=tp-education/tp-assets/js/tp-education-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
tp-education-sectiontp-courses-archivetp-classes-archivetp-events-archivetp-excursions-archivetp-team-archivetp-testimonial-archivetp-affiliation-archive+7 more
Data Attributes
data-tp_education
JS Globals
tp_education_params
FAQ

Frequently Asked Questions about TP Education