WP Post Ticker Security & Risk Analysis

wordpress.org/plugins/wp-post-ticker

Creates an easy to use post ticker that slides through the selected posts via shortcode and widget area.

10 active installs · v1.0.8 · PHP + · WP 3.7+ · Updated Mar 19, 2017
news-slider, news-ticker, post-slider, post-ticker, ticker
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Post Ticker Safe to Use in 2026?

Generally Safe

Score 85/100

WP Post Ticker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The wp-post-ticker v1.0.8 plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries, performing several capability checks, and having no known vulnerabilities in its history, there are significant areas of concern. The presence of a dangerous `unserialize` function and an unprotected AJAX handler represent potential entry points for malicious activity. The low percentage of properly escaped output is particularly worrying, suggesting a high likelihood of cross-site scripting (XSS) vulnerabilities.

The absence of taint analysis flows is a neutral indicator rather than a positive one in this context, as it doesn't rule out vulnerabilities. The plugin's vulnerability history is clean, which is a strong positive, implying a potential for careful development. However, the static analysis findings, especially the unprotected AJAX endpoint and the `unserialize` function, suggest that the plugin's security is not as robust as its clean history might initially suggest.

In conclusion, while the plugin benefits from a clean vulnerability record and secure SQL handling, the identified unprotected AJAX handler and the presence of `unserialize` coupled with poor output escaping significantly elevate the risk. These issues require immediate attention to mitigate potential security breaches, particularly XSS and arbitrary code execution.

Key Concerns

  • AJAX handler without auth check
  • Dangerous function: unserialize used
  • Low percentage of properly escaped output
Vulnerabilities
None known

WP Post Ticker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Post Ticker Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

WP Post Ticker Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 76 (21 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$wppt_cat = unserialize( $wppt_cat[0] );` (public\partials\wp-post-ticker-public-display.php:51)
  • unserialize: `$wppt_filter_auth = unserialize( $wppt_filter_auth[0] );` (public\partials\wp-post-ticker-public-display.php:52)

Output Escaping

22% escaped · 97 total outputs
Attack Surface
1 unprotected

WP Post Ticker Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

  • auth · wp_ajax_bsm_portfolio_dismiss_pro_notice · includes\class-wp-post-ticker.php:147

Shortcodes 1

[wppt] public\class-wp-post-ticker-public.php:68
WordPress Hooks 18

  • action · plugins_loaded · includes\class-wp-post-ticker.php:127
  • action · admin_enqueue_scripts · includes\class-wp-post-ticker.php:142
  • action · admin_enqueue_scripts · includes\class-wp-post-ticker.php:143
  • action · admin_menu · includes\class-wp-post-ticker.php:144
  • action · init · includes\class-wp-post-ticker.php:145
  • action · wp_login · includes\class-wp-post-ticker.php:146
  • action · add_meta_boxes · includes\class-wp-post-ticker.php:148
  • action · save_post · includes\class-wp-post-ticker.php:149
  • action · save_post_wppt_post_ticker · includes\class-wp-post-ticker.php:150
  • action · admin_init · includes\class-wp-post-ticker.php:151
  • action · widgets_init · includes\class-wp-post-ticker.php:152
  • filter · manage_wppt_post_ticker_posts_columns · includes\class-wp-post-ticker.php:153
  • action · manage_wppt_post_ticker_posts_custom_column · includes\class-wp-post-ticker.php:154
  • action · admin_notices · includes\class-wp-post-ticker.php:156
  • action · admin_notices · includes\class-wp-post-ticker.php:159
  • action · wp_enqueue_scripts · includes\class-wp-post-ticker.php:174
  • action · wp_enqueue_scripts · includes\class-wp-post-ticker.php:175
  • action · init · includes\class-wp-post-ticker.php:176
Maintenance & Trust

WP Post Ticker Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Mar 19, 2017
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP Post Ticker Developer Profile

WebSPI

8 plugins · 470 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Post Ticker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-post-ticker/assets/css/wp-post-ticker-admin.css
  • /wp-content/plugins/wp-post-ticker/assets/css/jquery.minicolors.css
  • /wp-content/plugins/wp-post-ticker/assets/css/font-awesome.min.css
  • /wp-content/plugins/wp-post-ticker/assets/js/wp-post-ticker-admin.js
  • /wp-content/plugins/wp-post-ticker/assets/js/jquery.minicolors.min.js
Script Paths
  • /wp-content/plugins/wp-post-ticker/assets/js/wp-post-ticker-admin.js
  • /wp-content/plugins/wp-post-ticker/assets/js/jquery.minicolors.min.js
Version Parameters
  • wp-post-ticker/assets/css/wp-post-ticker-admin.css?ver=
  • wp-post-ticker/assets/css/jquery.minicolors.css?ver=
  • wp-post-ticker/assets/css/font-awesome.min.css?ver=
  • wp-post-ticker/assets/js/wp-post-ticker-admin.js?ver=
  • wp-post-ticker/assets/js/jquery.minicolors.min.js?ver=

HTML / DOM Fingerprints

JS Globals
wppt_admin_localized
FAQ

Frequently Asked Questions about WP Post Ticker