Does HG3-Include have any unpatched vulnerabilities?

No. All known vulnerabilities in HG3-Include have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HG3-Include compatible with WordPress 3.1.4?

According to WordPress.org data, HG3-Include 1.1 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is HG3-Include updated?

HG3-Include was last updated on Nov 21, 2011. Frequent updates are generally a positive security signal.

What is HG3-Include's security score?

HG3-Include has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HG3-Include Security & Risk Analysis

wordpress.org/plugins/hg3-include

Plugin to include any code (html, php, javascript,...) directly into the WordPress editor.

10 active installs v1.1 PHP + WP 2.0.2+ Updated Nov 21, 2011

codeeditorincludephp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HG3-Include Safe to Use in 2026?

Generally Safe

Score 85/100

HG3-Include has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "hg3-include" v1.1 plugin demonstrates a generally good security posture based on the static analysis, with no dangerous functions, no SQL queries that are not prepared, and no file operations or external HTTP requests. The absence of known vulnerabilities further strengthens this positive outlook. However, there are significant areas of concern. The plugin fails to properly escape any of its outputs, presenting a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the lack of nonce and capability checks on any entry points, including shortcodes, means that these functionalities are wide open to unauthorized access and manipulation. While the attack surface appears small, its unprotected nature is a critical weakness.

Key Concerns

Output not properly escaped
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

HG3-Include Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

HG3-Include Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

HG3-Include Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[hg3_include] hg3-include.php:112

[hg3_include] hg3_include.php:112

WordPress Hooks 2

filterwidget_texthg3-include.php:113

filterwidget_texthg3_include.php:113

Maintenance & Trust

HG3-Include Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedNov 21, 2011

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

HG3-Include Alternatives

Code Manager

code-manager

100

Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.

500 No CVEs

Better Code Editor

better-code-editor

Make your editor better!

10 No CVEs

Code Revisions

code-revisions

WordPress native revisions for the theme and plugin editors.

10 No CVEs

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

insert-headers-and-footers

Easily add code snippets in WordPress. Insert header & footer scripts, add PHP code snippets with conditional logic, insert ads pixel code, and more.

3.0M 3 CVEs

Code Snippets

code-snippets

An easy, clean and simple way to enhance your site with code snippets.

1.0M 7 CVEs

Developer Profile

HG3-Include Developer Profile

ccc666

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect HG3-Include

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments

ccc 26/06/11 -- 09:14 ------- osX garde les (, ne vire que la ) finale

Shortcode Output

[hg3_include

FAQ