WP-Safety

Hack-Info Security & Risk Analysis

wordpress.org/plugins/hack-info

Ext Security. Monitoring about evil hacking attempts. Our reports - Simply, Briefly and in Detail.

10 active installs v4.25 PHP 5.4+ WP 4.1+ Updated Mar 19, 2026
hackmonitoringscanningsecuritytools
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 11, 2024
Plugin page Download
Safety Verdict

Is Hack-Info Safe to Use in 2026?

Generally Safe

Score 99/100

Hack-Info has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 11, 2024Updated 1mo ago
Risk Assessment

The "hack-info" plugin v4.25 demonstrates a generally good security posture, with no critical or high-severity vulnerabilities identified in static and taint analysis. The plugin utilizes prepared statements for all SQL queries and properly escapes all output, indicating sound development practices in these common areas of concern. Furthermore, the absence of dangerous functions, file operations, and a limited attack surface with 100% protected entry points are strong indicators of a secure codebase.

However, the plugin is not without its risks. The presence of one known medium-severity vulnerability in its history, last patched in December 2024, suggests a pattern of past security weaknesses. While this specific vulnerability is now patched, it raises a flag about the historical security of the plugin and the diligence required by users to keep it updated. The single external HTTP request, while not inherently malicious, represents a potential point of compromise if the external service is compromised or if the request is not handled securely. The single cron event also warrants attention; if this event performs sensitive operations without proper authentication or sanitization, it could become an attack vector.

In conclusion, "hack-info" v4.25 is a relatively secure plugin, particularly in its handling of database queries and output. Its strengths lie in its well-protected entry points and adherence to secure coding practices for common web vulnerabilities. The primary concern stems from its vulnerability history, highlighting the importance of ongoing updates and vigilance for users. The external HTTP request and cron event, while not immediately concerning based on the provided data, represent areas that users should monitor for any changes or unexpected behavior.

Key Concerns

  • Known past medium vulnerability
  • Single external HTTP request
  • Single cron event present
Vulnerabilities
1 published

Hack-Info Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-54353medium · 6.1Cross-Site Request Forgery (CSRF)

Hack-Info <= 3.17 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Dec 11, 2024 Patched in 3.18 (9d)
Version History

Hack-Info Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Hack-Info Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
0
72 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

100% escaped72 total outputs
Attack Surface

Hack-Info Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionplugins_loadedhack-info.php:30
actioninithack-info.php:37
actionwp_headhack-info.php:62
actionwp_login_failedhack-info.php:83
actionadmin_menuincludes/admin/admin.php:10
actionadmin_enqueue_scriptsincludes/admin/admin.php:23
filterplugin_action_links_hack-info/hack-info.phpincludes/admin/admin.php:44
filtercron_schedulesincludes/schedules.php:26
actionhackinfo_send_digestincludes/schedules.php:50

Scheduled Events 1

hackinfo_send_digest
Maintenance & Trust

Hack-Info Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 19, 2026
PHP min version5.4
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Hack-Info Alternatives

N0WPScan

N0WPScan

n0wpscan

A
85

Secure your Wordpress of WPScan Prevent hackers using WPScan to find vulnerabilities in your site, disable this plugin when you are security testing o &hellip;

40 No CVEs
Hostinger Tools

Hostinger Tools

hostinger

A
99

Simplified WordPress management. Manage site info, maintenance, security, & redirects.

3.0M 1 CVE
All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

mainwp-child

A
91

MainWP Child establishes a secure link between your WordPress sites and your self-hosted MainWP Dashboard, simplifying site management.

700K 7 CVEs
Modular DS: Monitor, update, and backup multiple websites

Modular DS: Monitor, update, and backup multiple websites

modular-connector

A
87

Manage all your WordPress sites from one place. Automate updates, backups, uptime monitoring, security, maintenance reports, and more.

40K 3 CVEs
Developer Profile

Hack-Info Developer Profile

wpgear

18 plugins · 2K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
21 days
View full developer profile
Detection Fingerprints

How We Detect Hack-Info

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hack-info/includes/admin/css/admin-style.css
Version Parameters
hack-info/includes/admin/css/admin-style.css?ver=

HTML / DOM Fingerprints

HTML Comments
/* * WPGear. * Hack-Info * admin.php */
FAQ

Frequently Asked Questions about Hack-Info