Humans TXT Security & Risk Analysis

wordpress.org/plugins/humanstxt

Credit the people behind your website in your humans.txt file. Easy to edit, directly within WordPress.

400 active installs · v1.3.1 · PHP + · WP 3.0+ · Updated Jun 10, 2019
Tags: human, humans, humans-txt, humanstxt
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Humans TXT Safe to Use in 2026?

Generally Safe

Score 85/100

Humans TXT has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The Humans TXT plugin v1.3.1 exhibits a mixed security posture. It has no recorded vulnerabilities (CVEs), and the absence of dangerous file operations and external HTTP requests is a positive sign, but several areas warrant concern. The unprotected AJAX handler represents a significant attack vector: it lacks authentication checks, making it potentially exploitable by unauthenticated users. The plugin also uses raw SQL queries without prepared statements, which can lead to SQL injection if user input is not properly sanitized. The taint analysis found unsanitized paths in all four analyzed flows, though none are classified as critical or high severity; this still indicates a potential for data to be mishandled. The limited number of entry points is a positive, but the unprotected AJAX handler significantly increases the risk profile. Overall, the plugin has some good security practices but suffers from critical vulnerabilities in authentication and SQL handling.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries without prepared statements
  • Unsanitized paths in taint flows
  • Low output escaping percentage
Vulnerabilities
None known

Humans TXT Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Humans TXT Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 31 (22 escaped)
Nonce Checks: 3
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function (humanstxt.php:307)
$content = preg_replace_callback('{(?:mailto:)?((?:[-!#$%&\'*+/=?^_`.{|}~\w\x80-\xFF]+|".*?")\@(?:[-

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

42% escaped · 53 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
humanstxt_ajax_preview (options.php:401)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Humans TXT Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_humanstxt-preview options.php:36

Shortcodes 1

[humanstxt] humanstxt.php:66
WordPress Hooks 15
action init humanstxt.php:61
action template_redirect humanstxt.php:62
action do_humans humanstxt.php:63
filter humans_txt humanstxt.php:64
filter humanstxt_content humanstxt.php:65
filter query_vars humanstxt.php:161
action wp_head humanstxt.php:166
filter admin_body_class legacy.php:20
action admin_init options.php:31
action admin_menu options.php:32
action admin_notices options.php:33
action admin_print_styles options.php:34
action admin_print_scripts options.php:35
action after_plugin_row_humans-txt/plugin.php options.php:37
action after_plugin_row_humans-dot-txt/humans-dot-txt.php options.php:38
Maintenance & Trust

Humans TXT Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Jun 10, 2019
PHP min version
Downloads: 24K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 400
Developer Profile

Humans TXT Developer Profile

Till Krüss

5 plugins · 411K total installs

Trust score: 82
Avg Security Score: 91/100
Avg Patch Time: 33 days
Detection Fingerprints

How We Detect Humans TXT

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/humanstxt/css/humans.css
/wp-content/plugins/humanstxt/js/humans.js
Script Paths
/wp-content/plugins/humanstxt/js/humans.js
Version Parameters
humanstxt/css/humans.css?ver=
humanstxt/js/humans.js?ver=

HTML / DOM Fingerprints

CSS Classes
humanstxt
humanstxt-headline
Data Attributes
data-humanstxt-id
JS Globals
window.humans
Shortcode Output
[humanstxt]
[humanstxt pre="1"]
[humanstxt plain="1"]
[humanstxt wrap="0"]
FAQ

Frequently Asked Questions about Humans TXT