WP-Safety

Hostvn Admin Optimize Security & Risk Analysis

wordpress.org/plugins/hostvn-admin-optimize

Hostvn Admin Optimize

400 active installs v1.0.7 PHP 5.6+ WP 4.9+ Updated Feb 8, 2021
login-recaptcharecaptchawordpress-optimizewp-admin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Hostvn Admin Optimize Safe to Use in 2026?

Generally Safe

Score 85/100

Hostvn Admin Optimize has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The 'hostvn-admin-optimize' plugin, version 1.0.7, presents a generally good security posture based on the provided static analysis. It exhibits no critical or high-severity issues in taint analysis and has a clean vulnerability history. The lack of direct entry points like AJAX handlers, REST API routes, or shortcodes significantly limits the potential attack surface. Furthermore, the code demonstrates good practices by using prepared statements for all SQL queries and incorporating capability checks for its functionalities.

However, there are areas of concern. A notable weakness is the relatively low percentage of properly escaped output (41%). This means that a significant portion of user-facing data might be vulnerable to Cross-Site Scripting (XSS) attacks if not handled carefully within the plugin's logic. Additionally, the absence of nonce checks on any of its potential entry points, while currently zero, means that if any such points were introduced in future versions without proper security measures, they would be unprotected. The single external HTTP request also warrants attention to ensure it's making requests to trusted endpoints and handling responses securely.

In conclusion, while the plugin has a strong foundation with no known vulnerabilities and secure SQL handling, the insufficient output escaping is a clear risk that could be exploited. The plugin's limited attack surface is a positive, but the lack of proactive security measures like nonce checks on potential future entry points leaves room for improvement. Addressing the output escaping issue should be a priority.

Key Concerns

  • Low output escaping percentage
  • No nonce checks on entry points
  • External HTTP request without context
Vulnerabilities
None known

Hostvn Admin Optimize Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hostvn Admin Optimize Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
14 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

41% escaped34 total outputs
Attack Surface

Hostvn Admin Optimize Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 87
actionadmin_menuadmin\Admin.php:25
actionadmin_initadmin\Admin.php:26
actionplugins_loadedincludes\Activation.php:20
actionwp_dashboard_setupincludes\AdminDashboardWidget.php:15
actionwp_before_admin_bar_renderincludes\AdminDashboardWidget.php:16
filteradmin_footer_textincludes\AdminDashboardWidget.php:17
filtertheme_root_uriincludes\CDN.php:38
filterplugins_urlincludes\CDN.php:39
filterscript_loader_srcincludes\CDN.php:40
filterstyle_loader_srcincludes\CDN.php:41
filterupload_dirincludes\CDN.php:42
filterthe_contentincludes\CDN.php:50
filterwp_get_attachment_image_srcincludes\CDN.php:51
filterwidget_textincludes\CDN.php:52
actionwp_enqueue_scriptsincludes\ContactButton.php:20
actionwp_footerincludes\ContactButton.php:21
filterauto_update_pluginincludes\DisableUpdate.php:24
filterpre_site_transient_update_pluginsincludes\DisableUpdate.php:26
filterauto_update_themeincludes\DisableUpdate.php:29
filterauto_update_coreincludes\DisableUpdate.php:32
filterpre_site_transient_update_coreincludes\DisableUpdate.php:33
filterpre_site_transient_update_pluginsincludes\DisableUpdate.php:34
filterpre_site_transient_update_themesincludes\DisableUpdate.php:35
filterauto_core_update_send_emailincludes\DisableUpdate.php:50
filterauto_plugin_update_send_emailincludes\DisableUpdate.php:51
filterauto_theme_update_send_emailincludes\DisableUpdate.php:52
filterlogin_redirectincludes\Extras.php:24
actionget_headerincludes\Extras.php:27
filteruse_block_editor_for_post_typeincludes\Extras.php:42
filterafter_setup_themeincludes\Extras.php:43
filterwp_enqueue_scriptsincludes\Extras.php:44
filtermce_buttonsincludes\Extras.php:45
filtermce_buttons_2includes\Extras.php:46
filtertiny_mce_before_initincludes\Extras.php:47
filtermce_external_pluginsincludes\Extras.php:48
actionlogin_headincludes\Extras.php:80
filterwpcf7_load_jsincludes\Optimize.php:45
filterwpcf7_load_cssincludes\Optimize.php:46
filterpre_http_requestincludes\Optimize.php:55
actionwp_enqueue_scriptsincludes\Optimize.php:68
actioninitincludes\Optimize.php:74
filterembed_oembed_discoverincludes\Optimize.php:80
filterjson_enabledincludes\Optimize.php:91
filterjson_jsonp_enabledincludes\Optimize.php:92
filterrest_jsonp_enabledincludes\Optimize.php:93
actiondo_feedincludes\Optimize.php:103
actiondo_feed_rdfincludes\Optimize.php:104
actiondo_feed_rssincludes\Optimize.php:105
actiondo_feed_rss2includes\Optimize.php:106
actiondo_feed_atomincludes\Optimize.php:107
filterwp_revisions_to_keepincludes\Optimize.php:140
filtertiny_mce_pluginsincludes\Optimize.php:158
filterheartbeat_settingsincludes\Optimize.php:173
filterstyle_loader_srcincludes\Optimize.php:194
filterscript_loader_srcincludes\Optimize.php:195
actionwp_enqueue_scriptsincludes\Optimize.php:212
actionwp_footerincludes\Optimize.php:222
actionlogin_formincludes\Recaptcha.php:40
actionwp_authenticate_userincludes\Recaptcha.php:41
actionregister_formincludes\Recaptcha.php:49
actionregistration_errorsincludes\Recaptcha.php:50
actionlostpassword_formincludes\Recaptcha.php:58
actionlostpassword_postincludes\Recaptcha.php:59
actionlogin_enqueue_scriptsincludes\Recaptcha.php:68
actionplugins_loadedincludes\RenameWPLogin.php:20
actionwp_loadedincludes\RenameWPLogin.php:21
filtersite_urlincludes\RenameWPLogin.php:23
filterwp_redirectincludes\RenameWPLogin.php:24
filterthe_generatorincludes\Security.php:43
filterrest_authentication_errorsincludes\Security.php:51
filterrest_endpointsincludes\Security.php:72
filterlogin_errorsincludes\Security.php:90
filterxmlrpc_enabledincludes\Security.php:110
filterpre_update_option_enable_xmlrpcincludes\Security.php:111
filterpre_option_enable_xmlrpcincludes\Security.php:112
filterwp_headersincludes\Security.php:114
filterxmlrpc_methodsincludes\Security.php:125
actionphpmailer_initincludes\SMTP.php:14
filterwoocommerce_admin_featuresincludes\Woocommerce.php:26
filterwoocommerce_include_processing_order_count_in_menuincludes\Woocommerce.php:28
filterwoocommerce_allow_marketplace_suggestionsincludes\Woocommerce.php:30
filterwoocommerce_helper_suppress_admin_noticesincludes\Woocommerce.php:32
filterwoocommerce_admin_disabledincludes\Woocommerce.php:34
filterwoocommerce_helper_suppress_admin_noticesincludes\Woocommerce.php:36
actionadmin_headincludes\Woocommerce.php:38
actionwidgets_initincludes\Woocommerce.php:40
actionadmin_menuincludes\WPAdminCustom.php:20
Maintenance & Trust

Hostvn Admin Optimize Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedFeb 8, 2021
PHP min version5.6
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs400
Alternatives

Hostvn Admin Optimize Alternatives

Advanced Google reCAPTCHA

Advanced Google reCAPTCHA

advanced-google-recaptcha

A
98

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K 3 CVEs
reCaptcha for WooCommerce

reCaptcha for WooCommerce

advanced-google-recaptcha-for-woocommerce

A
100

Enable Google reCaptcha for WooCommerce Checkout, Login, Registration, and Reset Password Forms to protect your store against spam.

300 No CVEs
WP Login Attempts

WP Login Attempts

wp-login-attempts

A
100

WP login attempts is a very lightweight plugin that lets you customize your WordPress admin login page easily and safely.

300 No CVEs
Webdesignby Recaptcha

Webdesignby Recaptcha

webdesignby-recaptcha

A
85

Add Google’s simple checkbox reCAPTCHA to WordPress wp-admin login page.

200 No CVEs
Addonify – reCaptcha For EDD

Addonify – reCaptcha For EDD

addonify-recaptcha-for-edd

A
92

Addonify reCAPTCHA for EDD is a simple plugin that adds Google reCaptcha in Easy Digital Downloads login and registration forms.

70 No CVEs
Developer Profile

Hostvn Admin Optimize Developer Profile

Duong Thanh Binh

2 plugins · 500 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Hostvn Admin Optimize

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hostvn-admin-optimize/assets/css/hvn.contact.button.css/wp-content/plugins/hostvn-admin-optimize/assets/js/hvn.contact.button.js/wp-content/plugins/hostvn-admin-optimize/assets/img/zalo-min-150x150.png/wp-content/plugins/hostvn-admin-optimize/assets/img/messenger.png

HTML / DOM Fingerprints

CSS Classes
fixed-action-btnbtn-floatingbtn-largefa-commentingzalo-colorfa-facebook-squarefacebook-colorfa-skype+15 more
Data Attributes
style="opacity: 0; transform: scale(0.4) translateY(40px) translateX(0px);"rel="noopener noreferrer nofollow"
JS Globals
HVN_AO_RecaptchaHVN_AO_ExtrasHVN_AO_Disable_UpdateHVN_AO_OptimizeHVN_AO_SecurityHVN_AO_Woocommerce+7 more
FAQ

Frequently Asked Questions about Hostvn Admin Optimize