Does Hello World have any unpatched vulnerabilities?

No. All known vulnerabilities in Hello World have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hello World compatible with WordPress 6.9.4?

According to WordPress.org data, Hello World 2.2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Hello World compatible with PHP 5.2+?

Hello World requires PHP 5.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Hello World updated?

Hello World was last updated on Oct 26, 2025. Frequent updates are generally a positive security signal.

What is Hello World's security score?

Hello World has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hello World Security & Risk Analysis

wordpress.org/plugins/hello-world

Similar to "Hello Dolly", this plugin lets you choose from some lyrics files, of which one line is shown in your dashboard on every page load.

300 active installs v2.2.0 PHP 5.2+ WP + Updated Oct 26, 2025

dollyhellolyricsworldyoda

A · Safe

CVEs total1

Unpatched0

Last CVESep 30, 2024

Plugin page Download

Safety Verdict

Is Hello World Safe to Use in 2026?

Generally Safe

Score 99/100

Hello World has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 30, 2024Updated 5mo ago

Risk Assessment

The 'hello-world' plugin v2.2.0 exhibits a generally good security posture with several positive indicators. The absence of direct attack surface points like AJAX handlers, REST API routes, or shortcodes significantly reduces the potential for external exploitation. Furthermore, the analysis shows no critical or high-severity taint flows, indicating that data is likely handled safely within the plugin's logic. The complete absence of raw SQL queries, with 100% using prepared statements, is also a strong security practice.

However, there are areas for concern. The plugin has a history of vulnerabilities, with one known CVE related to Path Traversal. While currently unpatched CVEs are zero, this past vulnerability suggests a pattern that requires attention. The moderate rate of properly escaped output (54%) is a concern, as it leaves potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully in the remaining outputs. The presence of file operations and nonce checks, while not inherently insecure, necessitates careful implementation to avoid exploitable scenarios.

In conclusion, while the plugin has a low immediate attack surface and good practices in areas like SQL handling, the historical vulnerability and the significant percentage of unescaped output present potential risks. Continued vigilance and a review of how output is handled are recommended to maintain a strong security profile.

Key Concerns

Past vulnerability history (Path Traversal)
Moderate output escaping rate (46% unescaped)

Vulnerabilities

Hello World Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-9224medium · 6.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read

Sep 30, 2024 Patched in 2.2.0 (5d)

Code Analysis

Analyzed Mar 16, 2026

Hello World Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

54% escaped13 total outputs

Attack Surface

Hello World Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedhello-world.php:28

actionadmin_noticeshello-world.php:60

actionadmin_headhello-world.php:92

actionadmin_menuhello-world.php:100

Maintenance & Trust

Hello World Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedOct 26, 2025

PHP min version5.2

Downloads17K

Community Trust

Rating0/100

Number of ratings0

Active installs300

Alternatives

Hello World Alternatives

Custom Dolly

custom-dolly

Based on the famous Hello Dolly plugin, Custom Dolly allows you to use any song you like (or speech, film, play or anything else).

10 No CVEs

Ai Kotoba

ai-kotoba

100

This is JUST a plugin. When activated you will randomly see a lyric from the LYRICS in the upper right of your admin screen on every page.

0 No CVEs

Dolly

dolly

A WordPress plugin to make sure Hello Dolly stays deactivated.

90 No CVEs

Hello Dolly For Your Song

hello-dolly-for-your-song

100

This simple plugin shows a random line of any text in your blog.

60 No CVEs

The Force

the-force

This Plugin is Just Similar to the WordPress' Famous Hello Dolly Plugin. Except when activated you will randomly see a quote from The Star Wars S …

20 No CVEs

Developer Profile

Hello World Developer Profile

Bernhard Kau

9 plugins · 8K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

5 days

View full developer profile

Detection Fingerprints

How We Detect Hello World

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

hello_world

FAQ