Hotspot Security & Risk Analysis

wordpress.org/plugins/hotspot

Create awesome pins for your image. It can be used for any highlighted points and dots on your image.

70 active installs · v1.1 · PHP + · WP 5.0+ · Updated Mar 30, 2021
Tags: hotspot, image, image-hotspot, maps, points
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hotspot Safe to Use in 2026?

Generally Safe

Score 85/100

Hotspot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "hotspot" plugin v1.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and having a high percentage of properly escaped outputs. The absence of known CVEs and a clean vulnerability history further suggests a generally stable codebase. However, significant concerns arise from the presence of two unprotected AJAX handlers, which represent direct entry points for potential malicious interaction without proper authentication checks. Furthermore, the use of the `unserialize` function, while not directly linked to a taint flow in this analysis, is inherently risky as it can lead to object injection vulnerabilities if the data being unserialized is controlled by an attacker.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
Vulnerabilities
None known

Hotspot Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hotspot Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 29 (121 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = wp_parse_args($data,unserialize(XOLO_HOTSPOT_DEFAULT_POINT));` (hotspot.php:480)
unserialize: `$datapin = wp_parse_args($datapin,unserialize(XOLO_HOTSPOT_DEFAULT_PINS));` (hotspot.php:628)

Output Escaping

81% escaped · 150 total outputs
Attack Surface
2 unprotected

Hotspot Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 3

auth wp_ajax_xolo-hotspot admin\inc\xolo-hotspot-notices.php:57
auth wp_ajax_xolo_hotspot_clone_point hotspot.php:660
auth wp_ajax_xolo-hotspots-activate-theme hotspot.php:747

Shortcodes 1

[xolo_hotspot] admin\inc\add_shortcode_xolo_hotspot.php:139
WordPress Hooks 20
action init admin\inc\cpt-hotspot.php:55
action admin_head-post-new.php admin\inc\cpt-hotspot.php:66
action admin_head-post.php admin\inc\cpt-hotspot.php:67
filter page_row_actions admin\inc\cpt-hotspot.php:70
filter post_row_actions admin\inc\cpt-hotspot.php:71
filter manage_edit-points_pin_columns admin\inc\cpt-hotspot.php:90
action manage_points_pin_posts_custom_column admin\inc\cpt-hotspot.php:103
action add_meta_boxes admin\inc\metabox-upgrade.php:18
action admin_notices admin\inc\xolo-hotspot-notices.php:55
action admin_enqueue_scripts admin\inc\xolo-hotspot-notices.php:56
action add_meta_boxes hotspot.php:70
filter wp_default_editor hotspot.php:77
action save_post hotspot.php:398
action admin_enqueue_scripts hotspot.php:457
action admin_print_styles hotspot.php:467
action wp_enqueue_scripts hotspot.php:476
filter wp_default_editor hotspot.php:505
action admin_notices hotspot.php:745
action admin_notices hotspot.php:746
action admin_enqueue_scripts hotspot.php:748
Maintenance & Trust

Hotspot Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Mar 30, 2021
PHP min version
Downloads: 2K

Community Trust

Rating: 20/100
Number of ratings: 2
Active installs: 70
Developer Profile

Hotspot Developer Profile

Xolo Software

4 plugins · 210 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hotspot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hotspot/css/hotspot.css
/wp-content/plugins/hotspot/js/hotspot.js
Script Paths
/wp-content/plugins/hotspot/js/hotspot.js
Version Parameters
hotspot/style.css?ver=
hotspot/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
xolo-group, xolo_hotspot_wrapper, xolo_spot_type, xolo_hotspot_label, xolo_hotspot_format, xolo_text_label, xolo_slot, global-text, +47 more
HTML Comments
<!--post type--> <!--add none field--> <!--upload--> <!--view image--> +18 more
Data Attributes
name="spot_type" class="xolo_hotspot_format"
name="pins_txt_lbl" class="pins_txt_lbl pins_item"
name="pins_txt_lbl_hover" class="pins_txt_lbl_hover pins_hover"
+41 more
JS Globals
hotspot_data, xolo_upload_frame
Shortcode Output
[xolo_hotspot]
[xolo_hotspot id="hotspot_id"]