Does AJAX Heartbeat Tool have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is AJAX Heartbeat Tool compatible with WordPress 5.7.15?

According to WordPress.org data, AJAX Heartbeat Tool 1.4.1 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is AJAX Heartbeat Tool updated?

AJAX Heartbeat Tool was last updated on Aug 13, 2021. Frequent updates are generally a positive security signal.

What is AJAX Heartbeat Tool's security score?

AJAX Heartbeat Tool has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

AJAX Heartbeat Tool Security & Risk Analysis

wordpress.org/plugins/ajax-heartbeat-tool

Provides a method of turning the WordPress heartbeat off as well as change some settings.

400 active installs v1.4.1 PHP + WP 3.8+ Updated Aug 13, 2021

ajaxheartbeat

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is AJAX Heartbeat Tool Safe to Use in 2026?

Generally Safe

Score 85/100

AJAX Heartbeat Tool has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The ajax-heartbeat-tool plugin version 1.4.1 demonstrates an exceptionally strong security posture based on the provided static analysis and vulnerability history. The complete absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with any form of attack surface is a significant positive. Furthermore, the code signals reveal a clean codebase with no dangerous functions, all SQL queries utilizing prepared statements, and 100% output escaping. The lack of file operations, external HTTP requests, and crucially, the absence of nonce and capability checks, while not inherently a flaw given the lack of entry points, is noted. The taint analysis shows zero flows, indicating no identifiable injection vulnerabilities. The plugin's vulnerability history is also pristine, with zero recorded CVEs, which suggests a history of secure development and maintenance. Overall, this plugin appears to be very well-secured and offers a minimal risk profile.

Key Concerns

No Nonce Checks Found
No Capability Checks Found

Vulnerabilities

None known

AJAX Heartbeat Tool Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

AJAX Heartbeat Tool Release Timeline

v1.4.1Current

Code Analysis

Analyzed Mar 16, 2026

AJAX Heartbeat Tool Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

AJAX Heartbeat Tool Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_enqueue_scriptsplugin.php:57

filterheartbeat_settingsplugin.php:58

filterheartbeat_settingsplugin.php:59

Maintenance & Trust

AJAX Heartbeat Tool Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedAug 13, 2021

PHP min version

Downloads13K

Community Trust

Rating90/100

Number of ratings4

Active installs400

Alternatives

AJAX Heartbeat Tool Alternatives

Heartbeat Control

heartbeat-control

Allows you to easily manage the frequency of the WordPress heartbeat API.

80K No CVEs

Dynamic Front-End Heartbeat Control

dynamic-front-end-heartbeat-control

100

An enhanced solution to optimize the performance of your WordPress website and automatically achieve the best Heartbeat API values.

1K No CVEs

Heartbeat Controller

heartbeat-controller

100

Control WordPress Heartbeat API to reduce load. Allow, disable, or set custom frequency for Dashboard, Post Editor, and Frontend.

800 No CVEs

OrderPulse: Auto Refresh Orders for WooCommerce

orderpulse-auto-refresh-orders-for-woocommerce

100

Auto-refresh your WooCommerce Orders list in real time — no manual page reloads required.

20 No CVEs

Ivory Search – WordPress Search Plugin

add-search-to-menu

Advanced WordPress custom search plugin. Provides Search Form Customizer, WooCommerce Search, AJAX Search & Live Search support!

100K 11 CVEs

Developer Profile

AJAX Heartbeat Tool Developer Profile

Mikel King

2 plugins · 500 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect AJAX Heartbeat Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ