CMC Hook Security & Risk Analysis
wordpress.org/plugins/cmc-hookRegister php functions to hooks(action and filter), run php codes safely, create and test plugins all from dashboard tools
Is CMC Hook Safe to Use in 2026?
Generally Safe
Score 85/100CMC Hook has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "cmc-hook" v1.0.6 plugin exhibits a mixed security posture. While it demonstrates good practices by utilizing prepared statements for all SQL queries and performing a reasonable number of nonce and capability checks, there are significant areas of concern. The presence of an unprotected AJAX handler represents a direct attack vector that could be exploited by unauthenticated users. Furthermore, the taint analysis reveals two high-severity flows with unsanitized data, indicating potential for cross-site scripting (XSS) or other injection vulnerabilities if these flows are not properly handled before output or further processing. The plugin has no recorded vulnerability history, which is a positive sign, but it does not negate the risks identified in the static analysis. The relatively low percentage of properly escaped output also contributes to a heightened risk profile, as it increases the likelihood of XSS vulnerabilities.
Key Concerns
- Unprotected AJAX handler
- High severity taint flows
- Low percentage of properly escaped output
CMC Hook Security Vulnerabilities
CMC Hook Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
CMC Hook Attack Surface
AJAX Handlers 1
Shortcodes 1
WordPress Hooks 7
Maintenance & Trust
CMC Hook Maintenance & Trust
Maintenance Signals
Community Trust
CMC Hook Alternatives
Code Manager
code-manager
Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.
Custom CSS, JS & PHP
custom-css
Just another custom CSS, JavaScript & PHP tool for WordPress.
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager
insert-headers-and-footers
Easily add code snippets in WordPress. Insert header & footer scripts, add PHP code snippets with conditional logic, insert ads pixel code, and more.
Code Snippets
code-snippets
An easy, clean and simple way to enhance your site with code snippets.
Asset CleanUp: Page Speed Booster
wp-asset-clean-up
Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.
CMC Hook Developer Profile
2 plugins · 0 total installs
How We Detect CMC Hook
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/cmc-hook/js/main.js/wp-content/plugins/cmc-hook/js/intro/intro.js/wp-content/plugins/cmc-hook/js/TipTip/jquery.tipTip.js/wp-content/plugins/cmc-hook/js/jqueryFileTree/jqueryFileTree.js/wp-content/plugins/cmc-hook/css/jquery-ui/jquery-ui.css/wp-content/plugins/cmc-hook/css/intro/introjs.css/wp-content/plugins/cmc-hook/css/font-awesome/css/font-awesome.min.css/wp-content/plugins/cmc-hook/js/TipTip/tipTip.css+1 more/wp-content/plugins/cmc-hook/js/main.js/wp-content/plugins/cmc-hook/js/intro/intro.js/wp-content/plugins/cmc-hook/js/TipTip/jquery.tipTip.js/wp-content/plugins/cmc-hook/js/jqueryFileTree/jqueryFileTree.jscmc-hook/js/main.js?ver=cmc-hook/js/intro/intro.js?ver=cmc-hook/js/TipTip/jquery.tipTip.js?ver=cmc-hook/js/jqueryFileTree/jqueryFileTree.js?ver=cmc-hook/css/jquery-ui/jquery-ui.css?ver=cmc-hook/css/intro/introjs.css?ver=cmc-hook/css/font-awesome/css/font-awesome.min.css?ver=cmc-hook/js/TipTip/tipTip.css?ver=cmc-hook/js/jqueryFileTree/jqueryFileTree.css?ver=HTML / DOM Fingerprints
cmchk_negcmchksh-contentdata-cmchkdata-cmchk-idCMCHK_AJAX_URLCMCHK_URL_JSCMCHK_URL_CSSCMCHK_URL_IMG/wp-json/cmchk/v1/hooks/wp-json/cmchk/v1/projects[cmchksh][cmchksh id=''][cmchksh slug='']