BH FAQ Security & Risk Analysis

wordpress.org/plugins/bh-faq

This plugin adds an FAQ option to your site. Very easy and nice plugin. If you have any problem using this plugin, please contact us.

10 active installs · v1.2 · PHP + · WP 3.3+ · Updated Jun 29, 2015
faq, frequently-asked-questions, getmasum, wordpress-faq, wordpress-plugin
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BH FAQ Safe to Use in 2026?

Generally Safe

Score 85/100

BH FAQ has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The 'bh-faq' v1.2 plugin exhibits a mixed security posture. On the positive side, the plugin avoids dangerous functions, doesn't perform file operations or external HTTP requests, and uses prepared statements for its SQL queries. The absence of known vulnerabilities and of any CVE history further suggests a potentially stable codebase.

However, significant concerns arise from the static analysis. A notable weakness is the complete lack of output escaping at all identified output points, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the absence of nonce and capability checks on all entry points (even though the attack surface is small) leaves it vulnerable to various attacks if any functionality were to be exploited or if the attack surface were to grow in future versions. The vulnerability history, while currently clean, does not preclude future issues, especially given the identified code weaknesses.

Key Concerns

  • All outputs unescaped
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

BH FAQ Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BH FAQ Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 4 total outputs
Attack Surface

BH FAQ Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[BH-FAQ] bh-faq.php:170
WordPress Hooks 7
action wp_enqueue_scripts bh-faq.php:24
action admin_enqueue_scripts bh-faq.php:33
action admin_menu bh-faq.php:40
action admin_init bh-faq.php:63
action wp_footer bh-faq.php:145
action wp_head bh-faq.php:186
action init register-bh-faq-post.php:24
Maintenance & Trust

BH FAQ Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Jun 29, 2015
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

BH FAQ Developer Profile

ThemesVila

14 plugins · 2K total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BH FAQ

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bh-faq/css/bh-faq.css
/wp-content/plugins/bh-faq/js/bh-faq.js
/wp-content/plugins/bh-faq/js/color-pickr.js
Script Paths
/wp-content/plugins/bh-faq/js/bh-faq.js
/wp-content/plugins/bh-faq/js/color-pickr.js
Version Parameters
bh-faq/css/bh-faq.css?ver=
bh-faq/js/bh-faq.js?ver=

HTML / DOM Fingerprints

CSS Classes
bh-faq-title
bh-faq-content
JS Globals
jQuery
Shortcode Output
<div class="accordion">
<h3 class="bh-faq-title">
<div class="bh-faq-content">