Home Improvement Companion Security & Risk Analysis

wordpress.org/plugins/home-improvement-companion

This plugin is a must-have plugin offering powerful features to fine-tune home improvement and renovation service business websites.

60 active installs v1.0.2 PHP 7.1+ WP 5.6+ Updated Sep 20, 2024
Tags: offers, portfolio, promotion, team, testimonial
Security score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Home Improvement Companion Safe to Use in 2026?

Generally Safe

Score 92/100

Home Improvement Companion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "home-improvement-companion" plugin v1.0.2 demonstrates a generally strong security posture with several positive indicators. The complete absence of known CVEs and a history of no recorded vulnerabilities suggests a commitment to security or a lack of prior exploitation. Furthermore, the code analysis shows excellent practices regarding SQL queries (100% prepared statements) and output escaping (98% properly escaped), significantly mitigating common vulnerabilities like SQL injection and XSS. The use of nonces and capability checks, where present, is also a positive sign.

However, a significant concern arises from the presence of 11 AJAX handlers, with 5 of them lacking explicit authentication checks. This presents a substantial attack surface where unauthenticated users could potentially interact with sensitive functionality. While taint analysis shows no unsanitized paths, the unprotected AJAX endpoints represent a potential entry point for attackers to trigger unintended actions or expose information, even if direct exploitation isn't immediately apparent from the provided taint data. The file operations and external HTTP requests are also areas to monitor, although the absence of critical taint flows is reassuring.

In conclusion, while the plugin benefits from a clean vulnerability history and good data handling practices, the unprotected AJAX endpoints are a notable weakness that needs to be addressed. Strengthening the authentication and authorization checks on these entry points would significantly improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Home Improvement Companion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Home Improvement Companion Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 14 (572 escaped)
Nonce Checks: 7
Capability Checks: 13
File Operations: 6
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

98% escaped · 586 total outputs
Attack Surface
5 unprotected

Home Improvement Companion Attack Surface

Entry Points: 11
Unprotected: 5

AJAX Handlers: 11

Type · Hook · Registered at
auth · wp_ajax_required_plugins · src\App\Backend\Ajax.php:43
auth · wp_ajax_check_plugin · src\App\Backend\Ajax.php:44
auth · wp_ajax_load_more_posts · src\App\General\Ajax.php:41
nopriv · wp_ajax_load_more_posts · src\App\General\Ajax.php:42
auth · wp_ajax_kirki_fonts_google_all_get · vendors\kirki\kirki-packages\googlefonts\src\GoogleFonts.php:47
nopriv · wp_ajax_kirki_fonts_google_all_get · vendors\kirki\kirki-packages\googlefonts\src\GoogleFonts.php:48
auth · wp_ajax_kirki_fonts_standard_all_get · vendors\kirki\kirki-packages\module-webfonts\src\Webfonts\Google.php:88
nopriv · wp_ajax_kirki_fonts_standard_all_get · vendors\kirki\kirki-packages\module-webfonts\src\Webfonts\Google.php:89
auth · wp_ajax_kirki_dismiss_discount_notice · vendors\kirki\kirki-packages\settings\src\Notice.php:25
auth · wp_ajax_kirki_clear_font_cache · vendors\kirki\kirki-packages\settings\src\SetupSettings.php:40
auth · wp_ajax_kirki_prepare_install_udb · vendors\kirki\kirki-packages\settings\src\SetupSettings.php:41

WordPress Hooks 168
Maintenance & Trust

Home Improvement Companion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 20, 2024
PHP min version: 7.1
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 60
Developer Profile

Home Improvement Companion Developer Profile

alleythemes

4 plugins · 630 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Home Improvement Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/home-improvement-companion/vendors/kirki/kirki.php
/wp-content/plugins/home-improvement-companion/vendors/kirki/pro-src/pro-index.php

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Home Improvement Companion