Hoo Companion Security & Risk Analysis

wordpress.org/plugins/hoo-companion

Theme metabox options for HooThemes.

100 active installs · v1.0.2 · PHP 5.6+ · WP 4.0+ · Updated Oct 21, 2018
page-options
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hoo Companion Safe to Use in 2026?

Generally Safe

Score 85/100

Hoo Companion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "hoo-companion" plugin v1.0.2 exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. While the code signals show an absence of dangerous functions and a relatively high percentage of prepared SQL statements, the presence of 8 AJAX handlers without any authentication or capability checks represents a major attack vector. This lack of authorization could allow unauthenticated users to trigger potentially harmful actions within the plugin. The low number of nonce and capability checks further exacerbates this issue, indicating a general oversight in securing entry points.

Despite these significant concerns, the plugin's vulnerability history is clean, with no recorded CVEs. This might suggest that the plugin has not been extensively targeted or that past issues (if any) were promptly addressed. However, the lack of historical vulnerabilities should not overshadow the immediate risks identified in the static analysis. The plugin's strengths lie in its avoidance of dangerous functions and its generally good practice with SQL prepared statements. Nevertheless, the critical need for robust authentication and authorization checks on its AJAX endpoints cannot be overstated, and this weakness significantly detracts from its overall security.

Key Concerns

  • 8 AJAX handlers without auth checks
  • Only 2 capability checks
  • Only 4 nonce checks
  • 55% output escaping
Vulnerabilities
None known

Hoo Companion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Hoo Companion Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Hoo Companion Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (14 prepared)
  • Unescaped Output: 277 (342 escaped)
  • Nonce Checks: 4
  • Capability Checks: 2
  • File Operations: 15
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

88% prepared · 16 total queries

Output Escaping

55% escaped · 619 total outputs
Attack Surface
8 unprotected

Hoo Companion Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers: 8

auth · wp_ajax_hoo_get_categories · hoo-companion.php:45
nopriv · wp_ajax_hoo_get_categories · hoo-companion.php:46
auth · wp_ajax_hoo-sites-import-customizer-settings · includes\importer\sites-importer.php:9
nopriv · wp_ajax_hoo-sites-import-customizer-settings · includes\importer\sites-importer.php:10
auth · wp_ajax_hoo-sites-import-wxr · includes\importer\sites-importer.php:11
auth · wp_ajax_hoo-sites-import-options · includes\importer\sites-importer.php:12
auth · wp_ajax_hoo-sites-import-widgets · includes\importer\sites-importer.php:13
auth · wp_ajax_hoo-wxr-import · includes\importer\wxr-importer\class-hoo-wxr-importer.php:61

WordPress Hooks: 110

action · init · hoo-companion.php:38
action · admin_enqueue_scripts · hoo-companion.php:40
action · wp_enqueue_scripts · hoo-companion.php:42
action · init · hoo-companion.php:47
filter · hoo_sidebar · hoo-companion.php:48
filter · hoo_admin_page_button · hoo-companion.php:49
action · widgets_init · includes\govideo-widgets.php:17
filter · customizer_widgets_section_args · includes\govideo-widgets.php:30
filter · wie_import_data · includes\importer\class-sites-helper.php:40
filter · wp_prepare_attachment_for_js · includes\importer\class-sites-helper.php:41
filter · wxr_importer.pre_process.post · includes\importer\sites-importer.php:14
filter · import_post_meta_key · includes\importer\wordpress-importer.php:103
filter · http_request_timeout · includes\importer\wordpress-importer.php:104
action · admin_init · includes\importer\wordpress-importer.php:1228
filter · upload_mimes · includes\importer\wxr-importer\class-hoo-wxr-importer.php:60
filter · wxr_importer.pre_process.user · includes\importer\wxr-importer\class-hoo-wxr-importer.php:62
filter · wxr_importer.pre_process.user · includes\importer\wxr-importer\class-hoo-wxr-importer.php:105
action · wxr_importer.processed.post · includes\importer\wxr-importer\class-hoo-wxr-importer.php:108
action · wxr_importer.process_failed.post · includes\importer\wxr-importer\class-hoo-wxr-importer.php:109
action · wxr_importer.process_already_imported.post · includes\importer\wxr-importer\class-hoo-wxr-importer.php:110
action · wxr_importer.process_skipped.post · includes\importer\wxr-importer\class-hoo-wxr-importer.php:111
action · wxr_importer.processed.comment · includes\importer\wxr-importer\class-hoo-wxr-importer.php:112
action · wxr_importer.process_already_imported.comment · includes\importer\wxr-importer\class-hoo-wxr-importer.php:113
action · wxr_importer.processed.term · includes\importer\wxr-importer\class-hoo-wxr-importer.php:114
action · wxr_importer.process_failed.term · includes\importer\wxr-importer\class-hoo-wxr-importer.php:115
action · wxr_importer.process_already_imported.term · includes\importer\wxr-importer\class-hoo-wxr-importer.php:116
action · wxr_importer.processed.user · includes\importer\wxr-importer\class-hoo-wxr-importer.php:117
action · wxr_importer.process_failed.user · includes\importer\wxr-importer\class-hoo-wxr-importer.php:118
filter · import_post_meta_key · includes\importer\wxr-importer\class-wxr-importer.php:321
filter · http_request_timeout · includes\importer\wxr-importer\class-wxr-importer.php:322
action · init · includes\metabox\butterbean\butterbean.php:19
action · load-post.php · includes\metabox\butterbean\class-butterbean.php:203
action · load-post-new.php · includes\metabox\butterbean\class-butterbean.php:204
action · butterbean_register · includes\metabox\butterbean\class-butterbean.php:207
action · butterbean_register · includes\metabox\butterbean\class-butterbean.php:208
action · butterbean_register · includes\metabox\butterbean\class-butterbean.php:209
action · butterbean_register · includes\metabox\butterbean\class-butterbean.php:210
action · add_meta_boxes · includes\metabox\butterbean\class-butterbean.php:252
action · save_post · includes\metabox\butterbean\class-butterbean.php:255
action · admin_enqueue_scripts · includes\metabox\butterbean\class-butterbean.php:258
action · butterbean_enqueue_scripts · includes\metabox\butterbean\class-butterbean.php:259
action · admin_footer · includes\metabox\butterbean\class-butterbean.php:262
action · admin_footer · includes\metabox\butterbean\class-butterbean.php:263
action · admin_print_footer_scripts · includes\metabox\butterbean\class-butterbean.php:266
action · load-post.php · includes\metabox\gallery-metabox\gallery-metabox.php:29
action · load-post-new.php · includes\metabox\gallery-metabox\gallery-metabox.php:30
action · save_post · includes\metabox\gallery-metabox\gallery-metabox.php:52
action · admin_enqueue_scripts · includes\metabox\gallery-metabox\gallery-metabox.php:55
filter · butterbean_pre_control_template · includes\metabox\metabox.php:65
filter · butterbean_control_template · includes\metabox\metabox.php:68
action · butterbean_register · includes\metabox\metabox.php:71
action · butterbean_register · includes\metabox\metabox.php:78
action · butterbean_register · includes\metabox\metabox.php:81
action · admin_enqueue_scripts · includes\metabox\metabox.php:84
filter · body_class · includes\metabox\metabox.php:89
filter · hoo_get_second_sidebar · includes\metabox\metabox.php:92
filter · hoo_get_sidebar · includes\metabox\metabox.php:95
filter · hoo_display_top_bar · includes\metabox\metabox.php:98
filter · hoo_display_header · includes\metabox\metabox.php:101
filter · hoo_custom_menu · includes\metabox\metabox.php:104
filter · hoo_header_style · includes\metabox\metabox.php:107
filter · hoo_center_header_left_menu · includes\metabox\metabox.php:110
filter · hoo_custom_header_template · includes\metabox\metabox.php:113
filter · get_custom_logo · includes\metabox\metabox.php:116
filter · hoo_custom_logo · includes\metabox\metabox.php:119
filter · hoo_retina_logo · includes\metabox\metabox.php:122
filter · hoo_logo_max_width · includes\metabox\metabox.php:125
filter · hoo_logo_max_width_tablet · includes\metabox\metabox.php:128
filter · hoo_logo_max_width_mobile · includes\metabox\metabox.php:131
filter · hoo_logo_max_height · includes\metabox\metabox.php:134
filter · hoo_logo_max_height_tablet · includes\metabox\metabox.php:137
filter · hoo_logo_max_height_mobile · includes\metabox\metabox.php:140
filter · hoo_menu_link_color · includes\metabox\metabox.php:143
filter · hoo_menu_link_color_hover · includes\metabox\metabox.php:144
filter · hoo_menu_link_color_active · includes\metabox\metabox.php:145
filter · hoo_menu_link_background · includes\metabox\metabox.php:146
filter · hoo_menu_link_hover_background · includes\metabox\metabox.php:147
filter · hoo_menu_link_active_background · includes\metabox\metabox.php:148
filter · hoo_menu_social_links_bg · includes\metabox\metabox.php:149
filter · hoo_menu_social_hover_links_bg · includes\metabox\metabox.php:150
filter · hoo_menu_social_links_color · includes\metabox\metabox.php:151
filter · hoo_menu_social_hover_links_color · includes\metabox\metabox.php:152
filter · hoo_display_page_header · includes\metabox\metabox.php:155
filter · hoo_display_page_header_heading · includes\metabox\metabox.php:158
filter · hoo_page_header_style · includes\metabox\metabox.php:161
filter · hoo_title · includes\metabox\metabox.php:164
filter · hoo_post_subheading · includes\metabox\metabox.php:167
filter · hoo_display_breadcrumbs · includes\metabox\metabox.php:170
filter · hoo_page_header_background_image · includes\metabox\metabox.php:173
filter · hoo_post_title_background_color · includes\metabox\metabox.php:176
filter · hoo_post_title_bg_image_position · includes\metabox\metabox.php:179
filter · hoo_post_title_bg_image_attachment · includes\metabox\metabox.php:180
filter · hoo_post_title_bg_image_repeat · includes\metabox\metabox.php:181
filter · hoo_post_title_bg_image_size · includes\metabox\metabox.php:182
filter · hoo_post_title_height · includes\metabox\metabox.php:185
filter · hoo_post_title_bg_overlay · includes\metabox\metabox.php:188
filter · hoo_post_title_bg_overlay_color · includes\metabox\metabox.php:191
filter · hoo_display_footer_widgets · includes\metabox\metabox.php:194
filter · hoo_display_footer_bottom · includes\metabox\metabox.php:197
filter · hoo_head_css · includes\metabox\metabox.php:200
action · hoo_before_top_bar · includes\metabox\shortcodes.php:20
action · hoo_after_top_bar · includes\metabox\shortcodes.php:32
action · hoo_before_header · includes\metabox\shortcodes.php:44
action · hoo_after_header · includes\metabox\shortcodes.php:56
action · hoo_before_page_header · includes\metabox\shortcodes.php:68
action · hoo_after_page_header · includes\metabox\shortcodes.php:80
action · hoo_before_footer_widgets · includes\metabox\shortcodes.php:92
action · hoo_after_footer_widgets · includes\metabox\shortcodes.php:104
action · hoo_before_footer_bottom · includes\metabox\shortcodes.php:116
action · hoo_after_footer_bottom · includes\metabox\shortcodes.php:128
Maintenance & Trust

Hoo Companion Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 4.9.29
  • Last updated: Oct 21, 2018
  • PHP min version: 5.6
  • Downloads: 10K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 100
Alternatives

Hoo Companion Alternatives

No alternatives data available yet.

Developer Profile

Hoo Companion Developer Profile

HooThemes

6 plugins · 560 total installs

  • Trust score: 84
  • Avg Security Score: 85/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hoo Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/hoo-companion/js/admin.js
  • /wp-content/plugins/hoo-companion/css/admin.css
  • /wp-content/plugins/hoo-companion/js/site-importer.js
  • /wp-content/plugins/hoo-companion/includes/metabox/controls/typography/webfonts.php
  • /wp-content/plugins/hoo-companion/includes/metabox/butterbean/butterbean.php
  • /wp-content/plugins/hoo-companion/includes/metabox/metabox.php
  • /wp-content/plugins/hoo-companion/includes/metabox/shortcodes.php
  • /wp-content/plugins/hoo-companion/includes/metabox/gallery-metabox/gallery-metabox.php
  • +6 more

Script Paths
  • /wp-content/plugins/hoo-companion/js/admin.js
  • /wp-content/plugins/hoo-companion/js/site-importer.js

Version Parameters
  • hoo-companion/js/admin.js?ver=
  • hoo-companion/css/admin.css
  • hoo-companion/js/site-importer.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • hoo-import-site
  • hoo-importer-status
  • hoo-required-plugins
  • hoo-installable

Data Attributes
  • data-site-wxr
  • data-site-options
  • data-site-widgets
  • data-site-customizer

JS Globals
  • hooSiteImporter

REST Endpoints
  • /wp-json/wp/v2/users
FAQ

Frequently Asked Questions about Hoo Companion