TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Security & Risk Analysis

wordpress.org/plugins/wp-top-news

Create and display news in various layouts like Grid, List, Ticker etc. from internal, external and rss sources.

800 active installs v2.4.3 PHP 7.2+ WP 5.4+ Updated Oct 23, 2025
breaking-news, news, news-headlines, news-ticker, rss-feed
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Safe to Use in 2026?

Generally Safe

Score 100/100

TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The wp-top-news plugin, version 2.4.3, exhibits a generally good security posture with no recorded vulnerabilities and a low attack surface. The plugin demonstrates strong adherence to secure coding practices by exclusively using prepared statements for all SQL queries, which significantly mitigates the risk of SQL injection. Furthermore, the presence of a substantial number of nonce and capability checks indicates an effort to protect against cross-site request forgery and unauthorized access, respectively.

However, a notable concern arises from the output escaping, where only 41% of outputs are properly escaped. This represents a significant risk of cross-site scripting (XSS) vulnerabilities, as unescaped user-supplied data could be rendered directly in the browser, allowing attackers to inject malicious scripts. While taint analysis found no unsanitized paths, the high percentage of unescaped output is a glaring weakness that needs immediate attention. The bundled Freemius library, although not specified by version, is also a potential area of concern if it is outdated and contains known vulnerabilities.

In conclusion, while the plugin's core functionality appears secure, with no known CVEs and robust SQL handling, the inadequate output escaping presents a significant XSS risk. The absence of historically recorded vulnerabilities is positive, but it does not negate the present risks identified in the code analysis. Addressing the unescaped output is paramount to improving the plugin's security.

Key Concerns

  • Insufficient output escaping
  • Bundled Freemius library (potential outdatedness)
Vulnerabilities
None known

TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 64 (44 escaped)
Nonce Checks: 8
Capability Checks: 4
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared (6 total queries)

Output Escaping

41% escaped (108 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
<api-settings> (admin\view\api-settings.php:0)
Attack Surface

TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[wp_top_news] front\cls-top-news-front.php:63
[wtn_news] front\cls-top-news-front.php:64
WordPress Hooks 13
action init inc\cls-top-news-master.php:27
action admin_enqueue_scripts inc\cls-top-news-master.php:48
action init inc\cls-top-news-master.php:49
action admin_menu inc\cls-top-news-master.php:50
action init inc\cls-top-news-master.php:51
action add_meta_boxes inc\cls-top-news-master.php:52
action save_post inc\cls-top-news-master.php:53
action wp_enqueue_scripts inc\cls-top-news-master.php:58
action widgets_init inc\cls-top-news-master.php:65
action load-widgets.php widget\cls-top-news-widget.php:14
action init wp-top-news.php:52
filter widget_text wp-top-news.php:61
action after_uninstall wp-top-news.php:79
Maintenance & Trust

TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 23, 2025
PHP min version: 7.2
Downloads: 35K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 800
Developer Profile

TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Developer Profile

Hossni Mubarak

13 plugins · 8K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 146 days
Detection Fingerprints

How We Detect TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-top-news/assets/css/fontawesome/css/all.min.css
/wp-content/plugins/wp-top-news/assets/css/fontawesome-iconpicker.min.css
/wp-content/plugins/wp-top-news/assets/css/wtn-admin.css
/wp-content/plugins/wp-top-news/assets/js/fontawesome-iconpicker.min.js
/wp-content/plugins/wp-top-news/assets/js/wtn-admin.js
Script Paths
/wp-content/plugins/wp-top-news/assets/js/fontawesome-iconpicker.min.js
/wp-content/plugins/wp-top-news/assets/js/wtn-admin.js
Version Parameters
wp-top-news/style.css?ver=
wp-top-news/assets/css/fontawesome/css/all.min.css?ver=
wp-top-news/assets/css/fontawesome-iconpicker.min.css?ver=
wp-top-news/assets/css/wtn-admin.css?ver=
wp-top-news/assets/js/fontawesome-iconpicker.min.js?ver=
wp-top-news/assets/js/wtn-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
cls-top-news-settings-wrap
cls-top-news-content-wrap
cls-top-news-header-wrap
cls-top-news-content-area
cls-top-news-admin-page-wrap
HTML Comments
<!-- Admin Panel Parent Class -->
<!-- Loading admin panel styles -->
<!-- Loading the admin menu -->
<!-- Function For Loading News Custom Post Type -->
+20 more
Data Attributes
data-wtn-id
data-wtn-settings-nonce
JS Globals
wtn_admin_params
REST Endpoints
/wp-json/wp-top-news/v1/get_news
FAQ

Frequently Asked Questions about TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More