EduHack Security & Risk Analysis

wordpress.org/plugins/eduhack

Hacking your education! Plugin for creating courses and grids.

10 active installs · v1.1 · PHP + WP 3.0+ · Updated Jul 15, 2016
Tags: course, course-grid, education, hacks, uncollege
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EduHack Safe to Use in 2026?

Generally Safe

Score 85/100

EduHack has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "eduhack" v1.1 plugin exhibits a mixed security posture. On the positive side, the plugin has a remarkably small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are secured using prepared statements, and there are no file operations or external HTTP requests, which are common vectors for vulnerabilities. The presence of nonce checks is also a good sign of basic security consciousness.

However, significant concerns arise from the static analysis. The most critical finding is that none of the plugin's output is properly escaped, which presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the taint analysis shows that 100% of the analyzed flows have unsanitized paths, including one of high severity. This suggests that data processed by the plugin is not being adequately validated or neutralized before use, potentially leading to exploitable conditions. The absence of capability checks for any of its entry points (though there are none) would also become a weakness if the attack surface were to grow.

The plugin's vulnerability history is clean, with no known CVEs. This is a positive indicator, but it could also be a reflection of its limited attack surface and the fact that it might not have been extensively targeted or analyzed in the past. In conclusion, while "eduhack" v1.1 benefits from a negligible attack surface and secure SQL practices, the critical issues of unescaped output and unsanitized taint flows pose a substantial risk that needs immediate attention to prevent potential XSS and other injection-based attacks.

Key Concerns

  • High severity taint flow found
  • All outputs are unescaped
  • Unsanitized paths in all taint flows
  • No capability checks
Vulnerabilities
None known

EduHack Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

EduHack Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (8 prepared)
  • Unescaped Output: 53 (0 escaped)
  • Nonce Checks: 5
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

0% escaped · 53 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
<admin-view-course> (admin-view-course.php:0)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

EduHack Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
  • action admin_menu (index.php:13)
  • action init (index.php:14)
  • filter the_content (index.php:16)
  • filter wp_head (index.php:18)
  • action admin_enqueue_scripts (index.php:20)
  • filter gettext (index.php:578)
Maintenance & Trust

EduHack Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Jul 15, 2016
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

EduHack Developer Profile

Arthur Ronconi

4 plugins · 120 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect EduHack

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eduhack/grid.css
/wp-content/plugins/eduhack/gridnodes.js
Script Paths
/wp-content/plugins/eduhack/gridnodes.js

HTML / DOM Fingerprints

CSS Classes
module
Data Attributes
id="eduhack-grid"
id="module_level_
id="module_
JS Globals
parent_color
connect_modules
FAQ

Frequently Asked Questions about EduHack