Does WP Wiki Tooltip have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Wiki Tooltip have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Wiki Tooltip compatible with WordPress 6.8.5?

According to WordPress.org data, WP Wiki Tooltip 2.1.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Wiki Tooltip updated?

WP Wiki Tooltip was last updated on Aug 10, 2025. Frequent updates are generally a positive security signal.

What is WP Wiki Tooltip's security score?

WP Wiki Tooltip has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Wiki Tooltip Security & Risk Analysis

wordpress.org/plugins/wp-wiki-tooltip

Adds explaining tooltips querying their content from a MediaWiki installation, e.g. Wikipedia.org.

200 active installs v2.1.1 PHP + WP 3.0+ Updated Aug 10, 2025

mediawikitooltiptooltipsterwikiwikipedia

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 18, 2025

Plugin page Download

Safety Verdict

Is WP Wiki Tooltip Safe to Use in 2026?

Generally Safe

Score 99/100

WP Wiki Tooltip has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 18, 2025Updated 7mo ago

Risk Assessment

The wp-wiki-tooltip plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and having no file operations or bundled libraries, which are common sources of vulnerabilities. The absence of critical or high-severity taint flows, along with a significant percentage of properly escaped output, suggests a reasonable level of sanitization in core functionality.

However, significant security concerns arise from the attack surface. The plugin exposes 4 AJAX handlers without authentication checks, representing a substantial entry point for unauthenticated attackers. While taint analysis didn't reveal critical or high severity issues, the presence of unsanitized paths in taint flows warrants attention, as these could potentially be exploited. The vulnerability history, though showing no currently unpatched CVEs, indicates a past medium-severity vulnerability related to Cross-site Scripting, suggesting that input validation and output escaping, while generally good, may have had historical weaknesses.

In conclusion, while the plugin has strengths in its handling of SQL and output escaping, the lack of authentication on a significant portion of its AJAX endpoints is a critical weakness. This, combined with past XSS vulnerabilities, suggests a moderate risk profile. The developer should prioritize implementing proper authentication and capability checks on all AJAX handlers to mitigate these risks effectively.

Key Concerns

AJAX handlers without auth checks
Unsanitized paths in taint flows
Past medium severity XSS vulnerability
75% output escaping, not 100%

Vulnerabilities

WP Wiki Tooltip Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-13462medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Wiki Tooltip <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 18, 2025 Patched in 2.1.0 (174d)

Code Analysis

Analyzed Mar 16, 2026

WP Wiki Tooltip Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

137 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped182 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

ajax_get_wiki_page (class.wp-wiki-tooltip-comm.php:57)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

WP Wiki Tooltip Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_get_wiki_pageclass.wp-wiki-tooltip-admin.php:23

noprivwp_ajax_get_wiki_pageclass.wp-wiki-tooltip-admin.php:24

authwp_ajax_test_wiki_urlclass.wp-wiki-tooltip-admin.php:25

noprivwp_ajax_test_wiki_urlclass.wp-wiki-tooltip-admin.php:26

Shortcodes 1

[wiki] class.wp-wiki-tooltip.php:16

WordPress Hooks 15

actionenqueue_block_assetsclass.wp-wiki-tooltip-admin.php:12

actionadmin_menuclass.wp-wiki-tooltip-admin.php:15

actionadmin_initclass.wp-wiki-tooltip-admin.php:16

actionadmin_initclass.wp-wiki-tooltip-admin.php:17

actionadmin_initclass.wp-wiki-tooltip-admin.php:18

actionadmin_initclass.wp-wiki-tooltip-admin.php:19

actionadmin_initclass.wp-wiki-tooltip-admin.php:20

actioninitclass.wp-wiki-tooltip-mce.php:11

filtermce_external_pluginsclass.wp-wiki-tooltip-mce.php:26

filtermce_buttonsclass.wp-wiki-tooltip-mce.php:27

filtermce_external_languagesclass.wp-wiki-tooltip-mce.php:28

actionwp_enqueue_scriptsclass.wp-wiki-tooltip.php:14

actionwp_footerclass.wp-wiki-tooltip.php:15

filterthe_contentclass.wp-wiki-tooltip.php:17

actionplugins_loadedwp-wiki-tooltip.php:22

Maintenance & Trust

WP Wiki Tooltip Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 10, 2025

PHP min version

Downloads15K

Community Trust

Rating96/100

Number of ratings18

Active installs200

Alternatives

WP Wiki Tooltip Alternatives

WikiLink

wikilink

An easier way to link to Wikipedia.

10 No CVEs

Wikipedia Preview

wikipedia-preview

Wikipedia Preview lets you show a popup card with a short summary from Wikipedia when a reader clicks or hovers over a link.

1K 1 CVE

RDP Wiki Embed

rdp-wiki-embed

RDP Wiki Embed lets you embed content from MediaWiki sites.

400 1 unpatched

Wiki Embed

wiki-embed

Wiki Embed lets you embed mediawiki pages in to your site, sites like Wikipedia

100 1 CVE

InfoLink

infolinks

Quickly add Links to Wikipedia, IMDB Sites or search for site/blog or news with Google. And New with 1.3 also your bookmarked Links.

60 No CVEs

Developer Profile

WP Wiki Tooltip Developer Profile

Nico Danneberg

1 plugin · 200 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

174 days

View full developer profile

Detection Fingerprints

How We Detect WP Wiki Tooltip

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-wiki-tooltip/static/css/wp-wiki-tooltip-admin.css/wp-content/plugins/wp-wiki-tooltip/static/css/wp-wiki-tooltip-mce.css/wp-content/plugins/wp-wiki-tooltip/static/js/wp-wiki-tooltip-admin.js

Script Paths

/wp-content/plugins/wp-wiki-tooltip/static/js/wp-wiki-tooltip-admin.js

Version Parameters

wp-wiki-tooltip/style.css?ver=wp-wiki-tooltip-admin.css?ver=wp-wiki-tooltip-mce.css?ver=wp-wiki-tooltip-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-wiki-tooltip-settings-designwp-wiki-tooltip-settings-errorwp-wiki-tooltip-settings-thumb

Data Attributes

wp-wiki-tooltip-settings-base[nonce]wp-wiki-tooltip-settings-error[nonce]wp-wiki-tooltip-settings-design[nonce]wp-wiki-tooltip-settings-thumb[nonce]

JS Globals

wp_wiki_tooltip_admin

REST Endpoints

/wp-json/wp-wiki-tooltip/v1/pages

FAQ