Heat Map Graph Security & Risk Analysis

wordpress.org/plugins/heat-map-graph

Create and display heat maps from custom SQL queries. Define row, column, and value fields, select color ranges, and render via shortcode.

10 active installs · v1.0.0 · PHP + WP 6.0+ · Updated Aug 23, 2025
Tags: analytics, charts, heatmap, shortcode, sql
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Heat Map Graph Safe to Use in 2026?

Generally Safe

Score 100/100

Heat Map Graph has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago
Risk Assessment

Version 1.0.0 of the "heat-map-graph" plugin shows a generally good security posture and strong adherence to secure coding practices: it uses no dangerous functions, 100% of its SQL queries use prepared statements, and all output is escaped. The attack surface is low, with no AJAX handlers or REST API routes exposed without proper checks, and the nonce and capability checks strengthen it further. The taint analysis, however, reports two flows with unsanitized paths. They are not classified as critical or high severity in the provided data, but they are the plugin's primary weakness, could be exploited if not addressed, and warrant further investigation. The plugin has no recorded vulnerabilities in its history, which is a significant positive indicator and suggests a well-developed and maintained codebase, but the taint analysis highlights a need for vigilance.

Key Concerns

  • Flows with unsanitized paths found
Vulnerabilities
None known

Heat Map Graph Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Heat Map Graph Release Timeline

v1.0.0 (Current)
Code Analysis
Analyzed Apr 16, 2026

Heat Map Graph Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (16 prepared)
Unescaped Output: 0 (60 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

100% escaped · 60 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
render_admin_page (heat-map-graph.php:419)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Heat Map Graph Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[heat_map_graph] heat-map-graph.php:34
WordPress Hooks 3
action admin_menu heat-map-graph.php:31
action admin_init heat-map-graph.php:32
action admin_enqueue_scripts heat-map-graph.php:33
Maintenance & Trust

Heat Map Graph Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 23, 2025
PHP min version
Downloads: 252

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Heat Map Graph Developer Profile

Hayan

3 plugins · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Heat Map Graph

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/heat-map-graph/assets/css/heatmap.css
Version Parameters
heat-map-graph/assets/css/heatmap.css?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
exaig-color-field
Data Attributes
data-default-color
JS Globals
jQuery
FAQ

Frequently Asked Questions about Heat Map Graph