Does Hashtag URL Placeholder have any unpatched vulnerabilities?

No. All known vulnerabilities in Hashtag URL Placeholder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hashtag URL Placeholder compatible with WordPress 4.9.29?

According to WordPress.org data, Hashtag URL Placeholder 1.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Hashtag URL Placeholder updated?

Hashtag URL Placeholder was last updated on Dec 15, 2017. Frequent updates are generally a positive security signal.

What is Hashtag URL Placeholder's security score?

Hashtag URL Placeholder has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hashtag URL Placeholder Security & Risk Analysis

wordpress.org/plugins/hashtag-url-placeholder

Create a #hastag linking to your latest post, in a post type or category.

20 active installs v1.3 PHP + WP 4.1+ Updated Dec 15, 2017

hashtaglinklinksmenuurl

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Hashtag URL Placeholder Safe to Use in 2026?

Generally Safe

Score 85/100

Hashtag URL Placeholder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "hashtag-url-placeholder" plugin v1.3 exhibits a strong security posture based on the provided static analysis. The absence of any detected dangerous functions, raw SQL queries, file operations, or external HTTP requests is commendable. Furthermore, the plugin demonstrates excellent output escaping practices with 96% of outputs properly escaped, and 100% of its SQL queries utilize prepared statements, significantly mitigating risks of injection vulnerabilities. The complete lack of identified taint flows, unsanitized paths, or known CVEs in its history indicates a well-developed and secure plugin.

However, a notable area for potential concern is the complete absence of any nonce checks or capability checks, especially given that the analysis indicates an "attack surface" of zero entry points without authentication. While no direct vulnerabilities are currently indicated by the data, the lack of these fundamental security mechanisms could expose the plugin to unforeseen risks if its functionality were to evolve or if future vulnerabilities are discovered that could be exploited through these unverified entry points. The plugin's strengths lie in its clean code and responsible handling of data, but its reliance on the absence of attack vectors, rather than explicit defense mechanisms, is a minor weakness.

Key Concerns

No Nonce checks implemented
No Capability checks implemented

Vulnerabilities

None known

Hashtag URL Placeholder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Hashtag URL Placeholder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

45 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped47 total outputs

Attack Surface

Hashtag URL Placeholder Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_menucreate_settings.php:7

actionadmin_initcreate_settings.php:20

filterwp_get_nav_menu_itemscreate_settings.php:152

filterwp_get_nav_menu_itemscreate_settings.php:185

filterwp_get_nav_menu_itemscreate_settings.php:217

filterwp_get_nav_menu_itemscreate_settings.php:249

filterwp_get_nav_menu_itemscreate_settings.php:281

Maintenance & Trust

Hashtag URL Placeholder Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedDec 15, 2017

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Hashtag URL Placeholder Alternatives

MessyMenu

messymenu

100

A solution that enhances the functionality of the WordPress Dashboard navigation

0 No CVEs

No Category Base (WPML)

no-category-base-wpml

100

This plugin removes the mandatory 'Category Base' from your category permalinks. It's compatible with WPML.

100K No CVEs

Export All URLs

export-all-urls

This plugin enables you to extract information such as Title, URL, Categories, Tags, Author, as well as Published and Modified dates for built-in post …

50K 5 CVEs

Remove Category URL – Remove 'category' base from category permalinks

remove-category-url

100

Remove Category URL strips the /category/ base from your category URLs, turning something like /category/my-category/ into simply /my-category/.

50K No CVEs

Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links

update-urls

100

Quick and Easy way to search all URLS, Content and replace them with new links and content in WordPress website.

20K No CVEs

Developer Profile

Hashtag URL Placeholder Developer Profile

Russell Aaron

2 plugins · 40 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hashtag URL Placeholder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

hashtag_name_onehashtag_post_type_query_onehashtag_post_type_category_query_onehashtag_name_twohashtag_post_type_query_twohashtag_post_type_category_query_two+9 more

FAQ