WP-Safety

H Speed WP Security & Risk Analysis

wordpress.org/plugins/h-seeed-wp

ワードプレスの高速化やSEO対策、セキュリティ、スパムコメント、盗用などの対策等の様々な機能を実行するプラグインです。

10 active installs v4.0.2 PHP + WP 4.3+ Updated Jul 5, 2016
javascriptjquerysecurityspeeding-up
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is H Speed WP Safe to Use in 2026?

Generally Safe

Score 85/100

H Speed WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "h-seeed-wp" v4.0.2 plugin exhibits a mixed security posture. On the positive side, its attack surface appears minimal, with no registered AJAX handlers, REST API routes, shortcodes, or cron events identified. Crucially, the lack of known historical vulnerabilities (CVEs) suggests a relatively stable security record. However, the static analysis reveals several concerning code signals. The presence of the `create_function` is a significant red flag, as it's considered a dangerous and deprecated function that can lead to code injection vulnerabilities if not handled with extreme care. Furthermore, the plugin performs SQL queries exclusively without using prepared statements, which exposes it to SQL injection risks. A low percentage of properly escaped output indicates a high likelihood of cross-site scripting (XSS) vulnerabilities. The taint analysis, while limited in scope, did identify unsanitized paths, hinting at potential data handling issues, although no critical or high severity flows were found. The bundled outdated jQuery library also presents a potential risk, as older versions may contain known vulnerabilities.

While the absence of known CVEs and a small attack surface are strengths, the identified code weaknesses – namely the use of `create_function`, unescaped output, raw SQL queries, and potentially outdated bundled libraries – represent significant potential vulnerabilities. These issues could be exploited by attackers, even without a historical record of breaches. A thorough review and remediation of these code signals are strongly recommended to improve the plugin's overall security.

Key Concerns

  • Dangerous function 'create_function' used
  • SQL queries not using prepared statements
  • Low percentage of properly escaped output
  • Bundled outdated jQuery library
  • Unsanitized paths identified in taint analysis
Vulnerabilities
None known

H Speed WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

H Speed WP Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

H Speed WP Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
0 prepared
Unescaped Output
49
8 escaped
Nonce Checks
0
Capability Checks
0
File Operations
7
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

create_functionadd_filter('login_errors', create_function('$a', "return '<strong>ERROR</strong>: ログインできませんでした。You cfunction\security.php:33

Bundled Libraries

jQuery1.12.3

SQL Query Safety

0% prepared1 total queries

Output Escaping

14% escaped57 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
callback_html (function\beta.php:181)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

H Speed WP Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 117
actionadmin_menuadmin\admin.php:7
actionadmin_initadmin\admin.php:8
filterxmlrpc_methodsfunction\beta.php:99
filterwp_headersfunction\beta.php:104
filterxmlrpc_enabledfunction\beta.php:111
actioninitfunction\beta.php:122
actioninitfunction\beta.php:131
actiontemplate_redirectfunction\beta.php:266
actionshutdownfunction\beta.php:272
actionafter_switch_themefunction\beta.php:280
actionwp_insert_postfunction\beta.php:281
actiontrashed_postfunction\beta.php:282
actionedited_termsfunction\beta.php:283
actioncomment_postfunction\beta.php:284
actionedit_commentfunction\beta.php:285
actionactivated_pluginfunction\beta.php:286
actiondeactivated_pluginfunction\beta.php:287
actionadmin_head-theme-editor.phpfunction\beta.php:289
actionlogin_initfunction\security.php:7
filterlogin_errorsfunction\security.php:33
actionwp_login_failedfunction\security.php:43
actionlogin_formfunction\security.php:82
filtercomment_classfunction\security.php:89
actioninitfunction\security.php:101
actioninitfunction\security.php:120
filterauto_update_pluginfunction\security.php:142
filterauto_update_themefunction\security.php:146
filterallow_minor_auto_core_updatesfunction\security.php:150
filterallow_major_auto_core_updatesfunction\security.php:151
actionsend_headersfunction\security.php:170
filterxmlrpc_methodsfunction\security.php:203
filterwp_headersfunction\security.php:208
filterxmlrpc_enabledfunction\security.php:215
actioninitfunction\security.php:226
actioninitfunction\security.php:235
filterstyle_loader_srcfunction\security.php:258
filterscript_loader_srcfunction\security.php:259
actionlogin_enqueue_scriptsfunction\security.php:263
filterallow_password_resetfunction\security.php:266
filterupload_mimesfunction\security.php:275
actionwp_headfunction\seo.php:4
filterpost_classfunction\seo.php:244
filterthe_contentfunction\seo.php:252
actionwp_footerfunction\seo.php:267
actionadmin_menufunction\seo.php:304
actioninitfunction\seo.php:306
actionsave_postfunction\seo.php:327
actionadmin_head-post.phpfunction\seo.php:545
actionadmin_head-post-new.phpfunction\seo.php:546
actionadmin_head-upload.phpfunction\seo.php:564
actionadmin_head-options-permalink.phpfunction\seo.php:581
actionadmin_head-options-reading.phpfunction\seo.php:593
actionadmin_headfunction\seo.php:594
actionadmin_head-options-writing.phpfunction\seo.php:605
actionadmin_footer-post-new.phpfunction\seo.php:621
actionadmin_footer-post.phpfunction\seo.php:622
actionadmin_head-options-discussion.phpfunction\seo.php:634
actionadmin_head-edit-tags.phpfunction\seo.php:644
actionwp_print_scriptsfunction\server_capacitance.php:7
actionpre_comment_on_postfunction\spam_comment.php:45
filtercomment_flood_filterfunction\spam_comment.php:104
actioncomment_form_after_fieldsfunction\spam_comment.php:117
actioncomment_formfunction\spam_comment.php:122
actioninitfunction\speeding_up.php:8
actionadmin_headfunction\speeding_up.php:21
actionwp_headfunction\speeding_up.php:22
filterstyle_loader_srcfunction\speeding_up.php:31
filterscript_loader_srcfunction\speeding_up.php:32
filterstyle_loader_tagfunction\speeding_up.php:35
filterscript_loader_tagfunction\speeding_up.php:40
actionwp_enqueue_scriptsfunction\speeding_up.php:48
actionwp_footerfunction\speeding_up.php:56
actionwp_footerfunction\speeding_up.php:58
actionwp_footerfunction\speeding_up.php:60
actionwp_headfunction\speeding_up.php:67
actionwp_headfunction\speeding_up.php:73
actionwp_footerfunction\speeding_up.php:85
filterwp_editor_set_qualityfunction\speeding_up.php:103
actionwp_handle_uploadfunction\speeding_up.php:106
actionwp_handle_uploadfunction\speeding_up.php:168
actionwp_footerfunction\speeding_up.php:190
filterthe_contentfunction\speeding_up.php:201
filterpost_thumbnail_htmlfunction\speeding_up.php:202
filterget_avatarfunction\speeding_up.php:203
filterwidget_textfunction\speeding_up.php:204
filtercomment_text function\speeding_up.php:205
filterwp_calculate_image_srcsetfunction\speeding_up.php:210
actionwp_footerfunction\speeding_up.php:212
filterthe_contentfunction\speeding_up.php:221
filterpost_thumbnail_htmlfunction\speeding_up.php:222
filterget_avatarfunction\speeding_up.php:223
filterwidget_textfunction\speeding_up.php:224
filtercomment_text function\speeding_up.php:225
filterpost_thumbnail_htmlfunction\speeding_up.php:244
actionwp_enqueue_scriptsfunction\speeding_up.php:260
actionwp_footerfunction\speeding_up.php:261
actionwp_enqueue_scriptsfunction\speeding_up.php:267
actionwp_enqueue_scriptsfunction\speeding_up.php:279
actionwp_enqueue_scriptsfunction\speeding_up.php:290
filterjetpack_implode_frontend_cssfunction\speeding_up.php:306
actionwp_enqueue_scriptsfunction\speeding_up.php:314
actionwp_footerfunction\speeding_up.php:315
actionwp_enqueue_scriptsfunction\speeding_up.php:322
actionwp_enqueue_scriptsfunction\speeding_up.php:330
actionwp_enqueue_scriptsfunction\speeding_up.php:335
actionwp_enqueue_scriptsfunction\speeding_up.php:344
actionwp_enqueue_scriptsfunction\speeding_up.php:354
actionwp_headfunction\speeding_up.php:365
actionwp_headfunction\speeding_up.php:407
actionwp_headfunction\speeding_up.php:421
actionwp_footerfunction\speeding_up.php:440
filterrest_enabledfunction\speeding_up.php:480
filterrest_jsonp_enabledfunction\speeding_up.php:481
actionwp_footerfunction\steal_prevention.php:7
filterthe_excerpt_rssfunction\steal_prevention.php:48
filterthe_content_feedfunction\steal_prevention.php:49
actionactivated_pluginfunction\variable.php:28
Maintenance & Trust

H Speed WP Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedJul 5, 2016
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

H Speed WP Alternatives

Enable jQuery Migrate Helper

Enable jQuery Migrate Helper

enable-jquery-migrate-helper

B
71

Get information about calls to deprecated jQuery features in plugins or themes.

80K 1 unpatched
jQuery Updater

jQuery Updater

jquery-updater

A
100

This plugin updates jQuery to the latest stable version on your website.

20K No CVEs
Use Google Libraries

Use Google Libraries

use-google-libraries

A
85

Allows your site to use common javascript libraries from Google's AJAX Libraries CDN, rather than from WordPress's own copies.

10K No CVEs
Jquery Validation For Contact Form 7

Jquery Validation For Contact Form 7

jquery-validation-for-contact-form-7

A
99

New standard of advance validation for Contact Form 7.

9K 1 CVE
Slideshow

Slideshow

slideshow

A
85

A shortcode for displaying a slideshow of image attachments for a post.

1K No CVEs
Developer Profile

H Speed WP Developer Profile

yokudekiru

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect H Speed WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/h-seeed-wp/admin/admin.css

HTML / DOM Fingerprints

CSS Classes
wrapicon32
HTML Comments
/* Copyright 2016 yokudekiru (email : yokudekirugakusei@gmail.com) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 2, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110_1301 USA */
Data Attributes
oo="on"oo="on-off"
JS Globals
MicrosoftTranslatorWidget
FAQ

Frequently Asked Questions about H Speed WP