WP-Safety

Hello Stranger Things Security & Risk Analysis

wordpress.org/plugins/hello-stranger-things

This is a fun alternative plugin of Holly Dolly. It takes all the fun of Stranger Things Series!

10 active installs v0.2 PHP + WP 3.0+ Updated Jan 3, 2018
admin-areahellohello-dollyhello-stranger-thingsstranger-things
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Hello Stranger Things Safe to Use in 2026?

Generally Safe

Score 85/100

Hello Stranger Things has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "hello-stranger-things" plugin v0.2 exhibits a generally strong security posture based on the provided static analysis. The absence of detected AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the attack surface. Furthermore, the complete absence of dangerous functions, file operations, external HTTP requests, and SQL queries not using prepared statements are excellent indicators of secure coding practices. The plugin also demonstrates no recorded vulnerabilities in its history, which is a positive sign. However, a critical concern emerges from the output escaping: 100% of detected outputs are not properly escaped. This presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities if any user-controlled input is rendered directly in the frontend without sanitization. The lack of nonce and capability checks also means that if any functionality were to be introduced that could be triggered externally, it would be unprotected.

Key Concerns

  • 100% of outputs unescaped
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Hello Stranger Things Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Hello Stranger Things Release Timeline

v0.2Current
Code Analysis
Analyzed Apr 16, 2026

Hello Stranger Things Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Attack Surface

Hello Stranger Things Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actionadmin_noticeshello-stranger-things.php:63
actionadmin_headhello-stranger-things.php:83
Maintenance & Trust

Hello Stranger Things Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJan 3, 2018
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Hello Stranger Things Alternatives

Dolly

Dolly

dolly

A
85

A WordPress plugin to make sure Hello Dolly stays deactivated.

90 No CVEs
The Dude

The Dude

the-dude

A
85

That, or His Dudeness… Duder… or El Duderino, if, you know, you're not into the whole brevity thing.

20 No CVEs
The Force

The Force

the-force

A
85

This Plugin is Just Similar to the WordPress' Famous Hello Dolly Plugin. Except when activated you will randomly see a quote from The Star Wars S …

20 No CVEs
Bye Felisha

Bye Felisha

bye-felicia

A
100

This is just a simple plugin to replace Hello Dolly. For funsies. You're welcome. Now, bye Felisha.

10 No CVEs
Charlie Sheen Quote Generator

Charlie Sheen Quote Generator

charlie-sheen-quote-generator

A
85

This plugin displays a random quote from Charlie Sheen. Includes a widget, short code, and over-writes Hello Dolly.

10 No CVEs
Developer Profile

Hello Stranger Things Developer Profile

Yakovos Frountas

3 plugins · 30 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Hello Stranger Things

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes
id='stranger-things'
FAQ

Frequently Asked Questions about Hello Stranger Things