Does Feature On Homepage have any unpatched vulnerabilities?

No. All known vulnerabilities in Feature On Homepage have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Feature On Homepage compatible with WordPress 4.0.38?

According to WordPress.org data, Feature On Homepage 1.0.0 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Feature On Homepage updated?

Feature On Homepage was last updated on Oct 24, 2014. Frequent updates are generally a positive security signal.

What is Feature On Homepage's security score?

Feature On Homepage has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Feature On Homepage Security & Risk Analysis

wordpress.org/plugins/feature-on-homepage

Easily feature pages or posts on your homepage using a shortcode and the new HomePage Features metabox.

10 active installs v1.0.0 PHP + WP 3.8+ Updated Oct 24, 2014

featuredhomepage

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Feature On Homepage Safe to Use in 2026?

Generally Safe

Score 85/100

Feature On Homepage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The 'feature-on-homepage' plugin v1.0.0 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, including a nonce check and a capability check. The absence of any recorded CVEs, both historical and current, further suggests a stable and likely secure history. The attack surface is minimal, with only one entry point (a shortcode) and no AJAX handlers or REST API routes exposed without authentication. Taint analysis also shows no critical or high severity flows, indicating no obvious paths for injecting malicious data directly through the analyzed code. However, a significant concern arises from the complete lack of output escaping. With four total outputs identified and none properly escaped, this opens the door to potential Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is ever incorporated into these outputs, even if not immediately apparent in this static analysis. The single file operation also warrants attention, though without further context, its risk is unclear.

Key Concerns

All outputs are unescaped
Single file operation found

Vulnerabilities

None known

Feature On Homepage Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Feature On Homepage Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped4 total outputs

Attack Surface

Feature On Homepage Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[foh_features] includes\shortcode.php:95

WordPress Hooks 6

actionadmin_enqueue_scriptsfeature-on-homepage.php:32

actionadmin_headfeature-on-homepage.php:41

actioninitfeature-on-homepage.php:54

actionwp_headfeature-on-homepage.php:85

actionadd_meta_boxesincludes\metabox.php:108

actionsave_postincludes\metabox.php:139

Maintenance & Trust

Feature On Homepage Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedOct 24, 2014

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Feature On Homepage Alternatives

Redirect 404 to Homepage

404-to-homepage

100

Redirect 404 missing pages to the homepage using SEO 301 redirection. Super lightweight!

70K No CVEs

Featured Image from URL (FIFU)

featured-image-from-url

Use remote media as the featured image and beyond.

70K 13 CVEs

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Quick Featured Images

quick-featured-images

The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.

50K 3 CVEs

Clever Fox

clever-fox

Clever Fox plugin to enhance the functionality of free themes made by Nayra Themes.

30K 2 CVEs

Developer Profile

Feature On Homepage Developer Profile

Matt Royal

2 plugins · 20 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Feature On Homepage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/feature-on-homepage/assets/font-awesome.css

HTML / DOM Fingerprints

CSS Classes

homepage_featuresmyfeaturesfeaturedfeatured_excerpt

Data Attributes

royal_foh_noncename

JS Globals

fontawesome_picker

Shortcode Output

<div class="homepage_features rows_<div class="featured_icon"><i class="fa"><h2 class="featured"><div class="featured_excerpt">

FAQ