Does Tumblr Ajax have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Tumblr Ajax compatible with WordPress 4.3.34?

According to WordPress.org data, Tumblr Ajax 1.2 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Tumblr Ajax updated?

Tumblr Ajax was last updated on Oct 4, 2015. Frequent updates are generally a positive security signal.

What is Tumblr Ajax's security score?

Tumblr Ajax has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tumblr Ajax Security & Risk Analysis

wordpress.org/plugins/tumblr-ajax

Display Tumblr posts via AJAX / Javascript / Client-side HTML requests

10 active installs v1.2 PHP + WP 2.8+ Updated Oct 4, 2015

ajaxjavascriptjquerypicturestumblr

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tumblr Ajax Safe to Use in 2026?

Generally Safe

Score 85/100

Tumblr Ajax has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The static analysis of tumblr-ajax v1.2 reveals a generally positive security posture with no identified critical vulnerabilities in the code. The plugin reports zero AJAX handlers, REST API routes, shortcodes, or cron events, indicating a very small attack surface. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests is commendable. The use of prepared statements for all SQL queries is a strong indicator of good database security practices. However, a significant concern arises from the lack of any nonce or capability checks. This means that any potential entry points, though currently non-existent according to the analysis, would not be protected by WordPress's built-in security mechanisms. The 47% rate of properly escaped output, while not ideal, is not a critical flaw in the absence of exploitable entry points. The vulnerability history being entirely clear suggests a history of secure development or a lack of past scrutiny, but it doesn't negate the present code concerns.

Key Concerns

No Nonce checks detected
No Capability checks detected
Output escaping is not fully implemented

Vulnerabilities

None known

Tumblr Ajax Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Tumblr Ajax Release Timeline

v1.2Current

v1.0

Code Analysis

Analyzed Mar 17, 2026

Tumblr Ajax Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

47% escaped47 total outputs

Attack Surface

Tumblr Ajax Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionwp_enqueue_scriptstumblr-ajax.php:49

actionwidgets_inittumblr-ajax.php:371

Maintenance & Trust

Tumblr Ajax Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedOct 4, 2015

PHP min version

Downloads3K

Community Trust

Rating60/100

Number of ratings2

Active installs10

Alternatives

Tumblr Ajax Alternatives

Contact Dialog

contact-dialog

Enables display of an AJAX driven contact form when a user clicks on links with a specified class.

10 No CVEs

WDP AJAX Comments

wdp-ajax-comments

This plugin will enable AJAX comment posting on your WordPress blog.

10 No CVEs

NMR jsGrid

nmr-jsgrid

Add jsGrid http://js-grid.com tables to your website using the shortcode: [nmr_jsgrid id='your-grid-name'].

0 No CVEs

Enable jQuery Migrate Helper

enable-jquery-migrate-helper

Get information about calls to deprecated jQuery features in plugins or themes.

80K 1 unpatched

jQuery Updater

jquery-updater

100

This plugin updates jQuery to the latest stable version on your website.

20K No CVEs

Developer Profile

Tumblr Ajax Developer Profile

Humphrey Aaron

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tumblr Ajax

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tumblr-ajax/default.css

Script Paths

/wp-content/plugins/tumblr-ajax/tumblr-ajax.js

Version Parameters

tumblr-ajax/default.css?ver=tumblr-ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes

tumblr-ajax-containerrunning_ajax

Data Attributes

id="tumblr_ajax_sel_posts_count"name="tumblr_ajax_sel_posts_count"id="tumblr_ajax_sel_post_link"name="tumblr_ajax_sel_post_link"id="tumblr_ajax_sel_errors"name="tumblr_ajax_sel_errors"+23 more

JS Globals

var tumblr_ajax_load

FAQ