Does HivePress Messages have any unpatched vulnerabilities?

No. All known vulnerabilities in HivePress Messages have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HivePress Messages compatible with WordPress 6.9.4?

According to WordPress.org data, HivePress Messages 1.4.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is HivePress Messages compatible with PHP 7.4+?

HivePress Messages requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is HivePress Messages updated?

HivePress Messages was last updated on Feb 12, 2026. Frequent updates are generally a positive security signal.

What is HivePress Messages's security score?

HivePress Messages has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HivePress Messages Security & Risk Analysis

wordpress.org/plugins/hivepress-messages

Allow users to send private messages.

8K active installs v1.4.0 PHP 7.4+ WP 5.0+ Updated Feb 12, 2026

classifiedsdirectoryhivepresslistingsmessages

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is HivePress Messages Safe to Use in 2026?

Generally Safe

Score 100/100

HivePress Messages has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The static analysis of hivepress-messages v1.4.0 indicates a strong security posture with no identified vulnerabilities in the provided data. The absence of dangerous functions, the exclusive use of prepared statements for all SQL queries, and 100% output escaping are excellent security practices. The lack of file operations and external HTTP requests further reduces the potential attack surface. Furthermore, the plugin has no recorded CVEs, indicating a history of robust security or diligent patching.

While the data shows no exploitable flaws, the absence of nonce checks and the limited number of capability checks (though present) could be areas for further scrutiny in a deeper audit. The very limited attack surface (0 AJAX handlers, 0 REST API routes, 0 shortcodes, 0 cron events) is a significant strength, as it leaves very few entry points for potential attackers. However, it's important to note that the "Total flows analyzed: 0" in the taint analysis means no dynamic analysis was performed, which could miss certain types of vulnerabilities.

Overall, based on the static analysis and vulnerability history, hivepress-messages v1.4.0 appears to be a secure plugin. The developers have implemented critical security measures effectively. The primary areas for potential enhancement would be to ensure thorough dynamic analysis and to review the limited number of capability checks and nonce usage in any future updates, although no immediate risks are apparent from the provided data.

Key Concerns

No Taint Flows Analyzed
Limited Capability Checks
No Nonce Checks

Vulnerabilities

None known

HivePress Messages Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

HivePress Messages Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

64 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared9 total queries

Output Escaping

100% escaped64 total outputs

Attack Surface

HivePress Messages Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 24

filterhivepress/v1/extensionshivepress-messages.php:18

filterhivepress/v1/models/message/errorsincludes\components\class-message.php:32

filteroption_hp_message_allow_attachmentincludes\components\class-message.php:35

filterhivepress/v1/models/messageincludes\components\class-message.php:40

filterhivepress/v1/forms/message_sendincludes\components\class-message.php:41

actionhivepress/v1/events/dailyincludes\components\class-message.php:47

actionhivepress/v1/models/user/deleteincludes\components\class-message.php:48

actionhivepress/v1/models/message/createincludes\components\class-message.php:51

actionhivepress/v1/models/message/updateincludes\components\class-message.php:52

actionhivepress/v1/models/message/deleteincludes\components\class-message.php:53

actioninitincludes\components\class-message.php:59

filterhivepress/v1/menus/user_accountincludes\components\class-message.php:62

filterhivepress/v1/templates/messages_view_page/blocksincludes\components\class-message.php:65

filterhivepress/v1/templates/message_view_block/blocksincludes\components\class-message.php:67

filterhivepress/v1/templates/message_thread_block/blocksincludes\components\class-message.php:68

filterhivepress/v1/templates/listing_view_blockincludes\components\class-message.php:70

filterhivepress/v1/templates/listing_view_pageincludes\components\class-message.php:71

filterhivepress/v1/templates/vendor_view_blockincludes\components\class-message.php:73

filterhivepress/v1/templates/vendor_view_pageincludes\components\class-message.php:74

filterhivepress/v1/templates/user_view_blockincludes\components\class-message.php:76

filterhivepress/v1/templates/user_view_pageincludes\components\class-message.php:77

filterhivepress/v1/templates/order_footer_blockincludes\components\class-message.php:80

filterhivepress/v1/templates/booking_view_blockincludes\components\class-message.php:84

filterhivepress/v1/templates/booking_view_pageincludes\components\class-message.php:85

Maintenance & Trust

HivePress Messages Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 12, 2026

PHP min version7.4

Downloads90K

Community Trust

Rating74/100

Number of ratings3

Active installs8K

Alternatives

HivePress Messages Alternatives

HivePress Favorites

hivepress-favorites

100

Allow users to keep a list of favorite listings.

8K No CVEs

HivePress Reviews

hivepress-reviews

100

Allow users to rate and review listings.

8K No CVEs

HivePress Geolocation

hivepress-geolocation

100

Allow users to search listings by location.

7K No CVEs

HivePress Paid Listings

hivepress-paid-listings

100

Charge users for adding, featuring and renewing listings.

6K No CVEs

HivePress Claim Listings

hivepress-claim-listings

Charge users for claiming listings.

3K 1 unpatched

Developer Profile

HivePress Messages Developer Profile

HivePress

9 plugins · 60K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

154 days

View full developer profile

Detection Fingerprints

How We Detect HivePress Messages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hivepress-messages/assets/css/frontend.css/wp-content/plugins/hivepress-messages/assets/js/frontend.js

Script Paths

/wp-content/plugins/hivepress-messages/assets/js/frontend.js

Version Parameters

hivepress-messages/assets/css/frontend.css?ver=hivepress-messages/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

hp-messageshp-message-threadhp-message-thread__headerhp-message-thread__contenthp-message-thread__footerhp-message-formhp-message-form__recipienthp-message-form__subject+12 more

HTML Comments

Data Attributes

data-component="message-thread"data-component="message-form"data-component="messages-list"

JS Globals

hp.messageshp.messageThreadhp.messageFormhp.messagesList

REST Endpoints

/wp-json/hivepress/v1/messages

Shortcode Output

[hivepress_messages][hivepress_message_form][hivepress_message_thread]

FAQ