WP-Safety

TS Collections Security & Risk Analysis

wordpress.org/plugins/ts-collections

TS Collections provide some usefull Wordpress Customizations, filters, actions to make your wordpress experience more smoother and user friendly.

10 active installs v1.0.1 PHP + WP 4.1.1+ Updated May 18, 2016
actionsasync-javascriptcustomizationsfiltersfooter-javascript
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is TS Collections Safe to Use in 2026?

Generally Safe

Score 85/100

TS Collections has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The 'ts-collections' plugin v1.0.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not using dangerous functions, performing all SQL queries using prepared statements, and avoiding file operations and external HTTP requests. The presence of nonce and capability checks, although not comprehensive across all entry points, is a commendable start. However, a significant concern arises from the single AJAX handler which lacks any authentication checks, presenting a direct and unprotected entry point for potential attackers. The low percentage of properly escaped output further exacerbates this risk, as unsanitized data processed through this handler could lead to cross-site scripting (XSS) vulnerabilities.

The vulnerability history for 'ts-collections' is clean, with no recorded CVEs. This is a strong positive indicator that the plugin has historically been secure or that its limited feature set hasn't attracted significant vulnerabilities. However, the lack of historical issues should not overshadow the immediate risks identified in the static analysis. The absence of taint analysis findings is also good, suggesting no immediately obvious critical or high severity data flow issues were detected within the analyzed scope.

In conclusion, while 'ts-collections' has a promising foundation with secure SQL handling and a clean vulnerability record, the unprotected AJAX endpoint is a critical flaw that demands immediate attention. The low output escaping rate further increases the risk of XSS. Addressing these specific code-level concerns should be the priority for improving the plugin's overall security.

Key Concerns

  • AJAX handler without authentication
  • Low output escaping percentage
Vulnerabilities
None known

TS Collections Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

TS Collections Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
2 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

15% escaped13 total outputs
Attack Surface
1 unprotected

TS Collections Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_contentclipsTinymceOptionsclasses\addons\content-clips\classes\contentClipsEditorIcon.php:18
WordPress Hooks 34
filtertlo_settings_default_dataclasses\addons\addasynctojs.php:27
filterclean_urlclasses\addons\addasynctojs.php:34
filtertlo_settings_default_dataclasses\addons\allscriptsinfooter copy.php:27
actionafter_setup_themeclasses\addons\allscriptsinfooter copy.php:34
actionwp_footerclasses\addons\allscriptsinfooter copy.php:44
actionwp_footerclasses\addons\allscriptsinfooter copy.php:45
actionwp_footerclasses\addons\allscriptsinfooter copy.php:46
actionadmin_initclasses\addons\content-clips\classes\contentClipsEditorIcon.php:19
filtermce_external_pluginsclasses\addons\content-clips\classes\contentClipsEditorIcon.php:27
filtermce_buttonsclasses\addons\content-clips\classes\contentClipsEditorIcon.php:28
actioninitclasses\addons\content-clips\classes\contentClipsPostType.php:23
actionsave_postclasses\addons\content-clips\classes\contentClipsPostType.php:24
filterpost_updated_messagesclasses\addons\content-clips\classes\contentClipsPostType.php:27
filtermanage_edit-contentclips_columnsclasses\addons\content-clips\classes\contentClipsPostType.php:28
actionmanage_contentclips_posts_custom_columnclasses\addons\content-clips\classes\contentClipsPostType.php:29
filtertlo_settings_default_dataclasses\addons\content-clips\content-clips.php:25
actionadmin_enqueue_scriptsclasses\addons\content-clips\content-clips.php:45
filtertlo_settings_default_dataclasses\addons\jqueryinfooter.php:27
actionwp_default_scriptsclasses\addons\jqueryinfooter.php:33
filtertlo_settings_default_dataclasses\addons\linktwitterusername.php:27
filterthe_contentclasses\addons\linktwitterusername.php:33
filtercomment_textclasses\addons\linktwitterusername.php:34
filtertlo_settings_default_dataclasses\addons\markcomment.php:27
filterpre_comment_approvedclasses\addons\markcomment.php:33
filtertlo_settings_default_dataclasses\addons\minimumcommentlength.php:27
filterpreprocess_commentclasses\addons\minimumcommentlength.php:33
filtertlo_settings_default_dataclasses\addons\phpintextwidget.php:27
filterwidget_textclasses\addons\phpintextwidget.php:33
filtertlo_settings_default_dataclasses\addons\removeautolinking.php:27
filtertlo_settings_default_dataclasses\addons\removeurlcomment.php:27
filtercomment_form_default_fieldsclasses\addons\removeurlcomment.php:33
actionadmin_initclasses\TheLastOneSettings.php:39
actionadmin_menuclasses\TheLastOneSettings.php:42
actionadmin_enqueue_scriptstscollections.php:31
Maintenance & Trust

TS Collections Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedMay 18, 2016
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

TS Collections Alternatives

Debug Bar Actions and Filters Addon

Debug Bar Actions and Filters Addon

debug-bar-actions-and-filters-addon

A
85

Displays all the hooks( Actions and Filters ) for the current request in Debug Bar panel.

500 No CVEs
FacetWP Manipulator

FacetWP Manipulator

facetwp-manipulator

A
85

FacetWP Manipulator allows you to add code to specific FacetWP filters and Actions to manipulate functionality without hard coding it to the theme.

30 No CVEs
Captain Hooks

Captain Hooks

captain-hooks

A
92

Captain Hooks is a WordPress plugin that provides developers with a comprehensive view of all actions, filters, and shortcodes of their environment.

10 No CVEs
Prioritize Hooks

Prioritize Hooks

prioritize-hooks

A
85

Prioritize Hooks allows the overriding of the priority of various filters and actions hooked by plugins and themes.

10 No CVEs
rtPanel Hooks Editor

rtPanel Hooks Editor

rtpanel-hooks-editor

A
100

This plugin is add-on for [rtPanel Theme Framework](https://wordpress.org/themes/rtpanel "rtPanel Theme Framework") and should be used along …

10 No CVEs
Developer Profile

TS Collections Developer Profile

rktaiwala

3 plugins · 50 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect TS Collections

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ts-collections/css/lo.css
Version Parameters
ts-collections/css/lo.css?ver=

HTML / DOM Fingerprints

CSS Classes
title-widgetalertalert-danger
Data Attributes
data-tab
JS Globals
tinymcetinyMCEPopupform_utilse
REST Endpoints
/wp-json/contentclipsTinymceOptions
Shortcode Output
[content_clips
FAQ

Frequently Asked Questions about TS Collections