Hunk Companion Security & Risk Analysis

wordpress.org/plugins/hunk-companion

Adds customizer settings and controls to the Gogo Theme.

6K active installs v2.0.1 PHP + WP + Updated Feb 14, 2026
Tags: customizer, service, team, testimonial, themehunk
Score: 93 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 10, 2024
Safety Verdict

Is Hunk Companion Safe to Use in 2026?

Generally Safe

Score 93/100

Hunk Companion has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Dec 10, 2024 · Updated 3mo ago
Risk Assessment

The hunk-companion v2.0.1 plugin exhibits a mixed security posture. While it demonstrates some good practices like a high percentage of prepared SQL statements and a decent amount of output escaping, significant concerns arise from its attack surface and historical vulnerabilities. A notable risk is the presence of 6 unprotected AJAX handlers, representing a considerable entry point for potential unauthorized actions. The plugin also has a history of critical vulnerabilities, specifically related to missing authorization, which is a serious red flag. Although there are currently no unpatched critical vulnerabilities, the past occurrence of two critical CVEs, both due to missing authorization, suggests a recurring weakness that requires careful monitoring and prompt patching of any future disclosures. The taint analysis did not reveal critical or high severity issues, which is a positive sign, but the unsanitized paths found warrant attention, especially in conjunction with the unprotected AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers present
  • History of critical CVEs (Missing Authorization)
  • Flows with unsanitized paths found
Vulnerabilities
2 published

Hunk Companion Security Vulnerabilities

CVEs by Year

2024: 2 CVEs

Severity Breakdown

Critical: 2

2 total CVEs

CVE-2024-11972 · critical · 9.8 · Missing Authorization

Hunk Companion <= 1.8.5 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation

Dec 10, 2024 Patched in 1.9.0 (39d)
CVE-2024-9707 · critical · 9.8 · Missing Authorization

Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation

Oct 10, 2024 Patched in 1.8.5 (1d)
Version History

Hunk Companion Release Timeline

v2.0.1 (Current)
v2.0
v1.9.17
v1.9.16
v1.9.15
v1.9.14
v1.9.13
v1.9.12
v1.9.11
v1.9.10
v1.9.8
v1.9.7
v1.9.6
v1.9.5
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.8.81 CVE
Code Analysis
Analyzed Mar 16, 2026

Hunk Companion Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (5 prepared)
Unescaped Output: 856 (1396 escaped)
Nonce Checks: 14
Capability Checks: 15
File Operations: 9
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

71% prepared · 7 total queries

Output Escaping

62% escaped · 2252 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

10 flows · 4 with unsanitized paths
import_data (import\app\app.php:61)
Attack Surface
6 unprotected

Hunk Companion Attack Surface

Entry Points: 33
Unprotected: 6

AJAX Handlers 26

auth wp_ajax_almaira_shop_sort_filter_ajax almaira-shop\almaira-shop-admin\woo-function.php:308
nopriv wp_ajax_almaira_shop_sort_filter_ajax almaira-shop\almaira-shop-admin\woo-function.php:309
auth wp_ajax_almaira_shop_product_section_filter_product_ajax almaira-shop\almaira-shop-admin\woo-function.php:425
nopriv wp_ajax_almaira_shop_product_section_filter_product_ajax almaira-shop\almaira-shop-admin\woo-function.php:426
nopriv wp_ajax_hunk_companion_portfolio_ajax gogolite\admin\gogo-admin.php:307
auth wp_ajax_hunk_companion_portfolio_ajax gogolite\admin\gogo-admin.php:308
auth wp_ajax_hunk_companion_import_process import\app\app.php:15
auth wp_ajax_hunk_companion_handler_data import\app\app.php:16
auth wp_ajax_hunk_companion_import_xml import\app\app.php:17
auth wp_ajax_hunk_companion_import_cutomizer import\app\app.php:18
auth wp_ajax_hunk_companion_mport_options import\app\app.php:19
auth wp_ajax_hunk_companion_import_widgets import\app\app.php:20
auth wp_ajax_hunk_companion_sites_core import\app\app.php:21
auth wp_ajax_hunk-companion-sites-wxr-import import\core\importer\wxr-importer.php:67
auth wp_ajax_open_mart_cat_filter_ajax open-mart\open-mart-admin\woo\woo-ajax-function.php:7
nopriv wp_ajax_open_mart_cat_filter_ajax open-mart\open-mart-admin\woo\woo-ajax-function.php:8
auth wp_ajax_open_shop_cat_filter_ajax open-shop\open-shop-admin\woo\woo-ajax-function.php:7
nopriv wp_ajax_open_shop_cat_filter_ajax open-shop\open-shop-admin\woo\woo-ajax-function.php:8
nopriv wp_ajax_portfolioline_portfolio_ajax portfoliolite\admin\portfoliolite-function.php:177
auth wp_ajax_portfolioline_portfolio_ajax portfoliolite\admin\portfoliolite-function.php:178
auth wp_ajax_elemento_simple_post th-shop-mania\elemento-simple-post\ajx.php:3
nopriv wp_ajax_elemento_simple_post th-shop-mania\elemento-simple-post\ajx.php:4
auth wp_ajax_elemento_quick_view_product_simple th-shop-mania\product-simple-addon\ajx.php:7
nopriv wp_ajax_elemento_quick_view_product_simple th-shop-mania\product-simple-addon\ajx.php:8
auth wp_ajax_top_store_cat_filter_ajax top-store\top-store-admin\woo\woo-ajax-function.php:6
nopriv wp_ajax_top_store_cat_filter_ajax top-store\top-store-admin\woo\woo-ajax-function.php:7

Shortcodes 7

[almaira-shop] almaira-shop\almaira-shop-admin\almaira_shop_shortcode.php:31
[almaira-shop-contact-page] almaira-shop\almaira-shop-admin\almaira_shop_shortcode.php:127
[gogo] gogolite\admin\gogo_shortcode.php:34
[open-mart] open-mart\open-mart-admin\open-mart-shortcode.php:32
[open-shop] open-shop\open-shop-admin\open-shop-shortcode.php:32
[portfoliolite] portfoliolite\admin\portfoliolite-shortcode.php:33
[top-store] top-store\top-store-admin\top-store-shortcode.php:33
WordPress Hooks 136
filter wp_is_mobile almaira-shop\almaira-shop-admin\frontpage-function.php:29
filter kses_allowed_protocols almaira-shop\almaira-shop-admin\frontpage-function.php:88
action customize_preview_init almaira-shop\customizer\customize-focus-section\almaira-shop-focus-section.php:6
action customize_controls_init almaira-shop\customizer\customize-focus-section\almaira-shop-focus-section.php:7
action customize_register almaira-shop\customizer\customizer.php:20
filter pt-ocdi/disable_pt_branding almaira-shop\demo\import-data.php:2
filter pt-ocdi/regenerate_thumbnails_in_content_import almaira-shop\demo\import-data.php:3
filter pt-ocdi/import_files almaira-shop\demo\import-data.php:38
action pt-ocdi/after_import almaira-shop\demo\import-data.php:102
action init gogolite\admin\custom-taxonomy.php:8
action init gogolite\admin\custom-taxonomy.php:15
action init gogolite\admin\custom-taxonomy.php:17
filter body_class gogolite\admin\gogo-function.php:14
filter body_class gogolite\admin\gogo-function.php:24
filter body_class gogolite\admin\gogo-function.php:35
filter kses_allowed_protocols gogolite\admin\gogo-function.php:90
action customize_controls_enqueue_scripts gogolite\customizer\custom-customizer.php:4
action customize_controls_init gogolite\customizer\customizer-scroll\class\class-themehunk-customize-control-scroll.php:17
action customize_preview_init gogolite\customizer\customizer-scroll\class\class-themehunk-customize-control-scroll.php:18
action customize_register gogolite\customizer\gogo-customizer.php:1591
action wp_enqueue_scripts hunk-companion.php:42
filter body_class hunk-companion.php:49
action wp_enqueue_scripts hunk-companion.php:50
action wp_enqueue_scripts hunk-companion.php:56
action wp_enqueue_scripts hunk-companion.php:62
action wp_enqueue_scripts hunk-companion.php:67
action customize_controls_enqueue_scripts hunk-companion.php:68
action wp_enqueue_scripts hunk-companion.php:74
action admin_enqueue_scripts hunk-companion.php:80
action after_setup_theme hunk-companion.php:85
action init import\admin\init.php:22
action admin_enqueue_scripts import\admin\init.php:23
action init import\admin\init.php:25
action admin_head import\admin\init.php:26
action admin_menu import\admin\init.php:62
action admin_body_class import\admin\init.php:108
filter upload_mimes import\core\class-helper.php:31
filter import_post_meta_key import\core\importer\class-wxr-importer.php:322
filter http_request_timeout import\core\importer\class-wxr-importer.php:323
action admin_init import\core\importer\import-log.php:57
action themehunk_import_start import\core\importer\import-log.php:80
filter upload_mimes import\core\importer\wxr-importer.php:66
filter wxr_importer.pre_process.user import\core\importer\wxr-importer.php:68
filter wxr_importer.pre_process.user import\core\importer\wxr-importer.php:122
filter wp_image_editors import\core\importer\wxr-importer.php:125
filter wxr_importer.pre_process.post import\core\importer\wxr-importer.php:128
action wxr_importer.processed.post import\core\importer\wxr-importer.php:131
action wxr_importer.process_failed.post import\core\importer\wxr-importer.php:132
action wxr_importer.process_already_imported.post import\core\importer\wxr-importer.php:133
action wxr_importer.process_skipped.post import\core\importer\wxr-importer.php:134
action wxr_importer.processed.comment import\core\importer\wxr-importer.php:135
action wxr_importer.process_already_imported.comment import\core\importer\wxr-importer.php:136
action wxr_importer.processed.term import\core\importer\wxr-importer.php:137
action wxr_importer.process_failed.term import\core\importer\wxr-importer.php:138
action wxr_importer.process_already_imported.term import\core\importer\wxr-importer.php:139
action wxr_importer.processed.user import\core\importer\wxr-importer.php:140
action wxr_importer.process_failed.user import\core\importer\wxr-importer.php:141
filter wp_import_post_meta import\core\importer\wxr-importer.php:403
filter wxr_importer.pre_process.post_meta import\core\importer\wxr-importer.php:404
action init import\core\inc.php:25
action admin_init notify\notify.php:14
action admin_notices notify\notify.php:19
action admin_enqueue_scripts notify\notify.php:20
action admin_notices notify\notify.php:25
action customize_preview_init open-mart\customizer\customize-focus-section\open-mart-focus-section.php:6
action customize_controls_init open-mart\customizer\customize-focus-section\open-mart-focus-section.php:7
action customize_register open-mart\customizer\customizer.php:20
filter pt-ocdi/disable_pt_branding open-mart\demo\import-data.php:2
filter pt-ocdi/regenerate_thumbnails_in_content_import open-mart\demo\import-data.php:3
filter pt-ocdi/import_files open-mart\demo\import-data.php:29
action pt-ocdi/after_import open-mart\demo\import-data.php:93
action customize_controls_enqueue_scripts open-mart\open-mart-admin\open-mart-front-page-function.php:364
action admin_enqueue_scripts open-mart\open-mart-admin\open-mart-front-page-function.php:365
action wp_footer open-mart\open-mart-admin\woo\woo-function.php:796
action admin_enqueue_scripts open-mart\widget\about-us-widget.php:12
action widgets_init open-mart\widget\about-us-widget.php:17
action widgets_init open-mart\widget\highlight-widget.php:8
action widgets_init open-mart\widget\post-single-slide-widget.php:6
action admin_enqueue_scripts open-mart\widget\testimonial-widget.php:12
action widgets_init open-mart\widget\testimonial-widget.php:17
action customize_preview_init open-shop\customizer\customize-focus-section\open-shop-focus-section.php:6
action customize_controls_init open-shop\customizer\customize-focus-section\open-shop-focus-section.php:7
action customize_register open-shop\customizer\customizer.php:58
filter pt-ocdi/disable_pt_branding open-shop\demo\import-data.php:2
filter pt-ocdi/regenerate_thumbnails_in_content_import open-shop\demo\import-data.php:3
filter pt-ocdi/import_files open-shop\demo\import-data.php:39
action pt-ocdi/after_import open-shop\demo\import-data.php:103
action admin_enqueue_scripts open-shop\widget\about-us-widget.php:13
action widgets_init open-shop\widget\about-us-widget.php:18
action widgets_init open-shop\widget\post-single-slide-widget.php:6
action init portfoliolite\admin\custom-taxonomy.php:9
action init portfoliolite\admin\custom-taxonomy.php:15
action init portfoliolite\admin\custom-taxonomy.php:16
action customize_preview_init portfoliolite\customizer\customize-focus-section\portfoliolite-focus-section.php:6
action customize_controls_init portfoliolite\customizer\customize-focus-section\portfoliolite-focus-section.php:7
action customize_controls_init portfoliolite\customizer\customizer-scroll\class\class-themehunk-customize-control-scroll.php:16
action customize_preview_init portfoliolite\customizer\customizer-scroll\class\class-themehunk-customize-control-scroll.php:17
action customize_register portfoliolite\customizer\customizer.php:159
filter pt-ocdi/disable_pt_branding portfoliolite\demo\import-data.php:2
filter pt-ocdi/regenerate_thumbnails_in_content_import portfoliolite\demo\import-data.php:3
filter pt-ocdi/import_files portfoliolite\demo\import-data.php:29
action pt-ocdi/after_import portfoliolite\demo\import-data.php:93
action widgets_init portfoliolite\widgets\service-widget.php:8
action widgets_init portfoliolite\widgets\social-icon-widget.php:7
action admin_enqueue_scripts portfoliolite\widgets\social-icon-widget.php:12
action widgets_init portfoliolite\widgets\team-widget.php:6
action admin_enqueue_scripts portfoliolite\widgets\team-widget.php:11
action widgets_init portfoliolite\widgets\testimonial-widget.php:7
action admin_enqueue_scripts portfoliolite\widgets\testimonial-widget.php:12
action widgets_init portfoliolite\widgets\widgets.php:30
filter pt-ocdi/disable_pt_branding th-shop-mania\demo\import.php:2
filter pt-ocdi/regenerate_thumbnails_in_content_import th-shop-mania\demo\import.php:3
filter pt-ocdi/import_files th-shop-mania\demo\import.php:49
action pt-ocdi/after_import th-shop-mania\demo\import.php:116
action elementor/frontend/after_enqueue_styles th-shop-mania\init.php:13
action elementor/frontend/after_register_scripts th-shop-mania\init.php:14
action admin_enqueue_scripts th-shop-mania\init.php:16
action wp_enqueue_scripts th-shop-mania\init.php:17
action elementor/elements/categories_registered th-shop-mania\init.php:62
action elementor/widgets/widgets_registered th-shop-mania\init.php:75
action customize_preview_init top-store\customizer\customize-focus-section\top-store-focus-section.php:6
action customize_controls_init top-store\customizer\customize-focus-section\top-store-focus-section.php:7
action customize_register top-store\customizer\customizer.php:55
filter pt-ocdi/disable_pt_branding top-store\demo\import-data.php:2
filter pt-ocdi/regenerate_thumbnails_in_content_import top-store\demo\import-data.php:3
filter pt-ocdi/import_files top-store\demo\import-data.php:39
action pt-ocdi/after_import top-store\demo\import-data.php:103
action customize_controls_enqueue_scripts top-store\top-store-admin\top-store-front-page-function.php:209
action admin_enqueue_scripts top-store\top-store-admin\top-store-front-page-function.php:210
action wp_footer top-store\top-store-admin\top-store-front-page-function.php:240
action admin_enqueue_scripts top-store\widget\about-us-widget.php:12
action widgets_init top-store\widget\about-us-widget.php:17
action widgets_init top-store\widget\highlight-widget.php:8
action widgets_init top-store\widget\post-single-slide-widget.php:6
action admin_enqueue_scripts top-store\widget\testimonial-widget.php:12
action widgets_init top-store\widget\testimonial-widget.php:17
Maintenance & Trust

Hunk Companion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 14, 2026
PHP min version
Downloads: 411K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 6K
Developer Profile

Hunk Companion Developer Profile

ThemeHunk

49 plugins · 64K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 188 days
Detection Fingerprints

How We Detect Hunk Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hunk-companion/gogolite/css/gogo-css/section.css
/wp-content/plugins/hunk-companion/gogolite/css/gogo-css/animate.css
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/owl.carousel.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/typer.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/isotope.pkgd.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/vertical-navigation-modernizr.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/vertical-navigation-main.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/wow.min.js
+13 more
Script Paths
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/owl.carousel.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/typer.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/isotope.pkgd.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/vertical-navigation-modernizr.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/vertical-navigation-main.js
/wp-content/plugins/hunk-companion/gogolite/js/gogo-js/wow.min.js
+9 more
Version Parameters
hunk-companion/gogolite/css/gogo-css/section.css?ver=
hunk-companion/gogolite/css/gogo-css/animate.css?ver=
hunk-companion/gogolite/js/gogo-js/owl.carousel.js?ver=
hunk-companion/gogolite/js/gogo-js/typer.js?ver=
hunk-companion/gogolite/js/gogo-js/isotope.pkgd.js?ver=
hunk-companion/gogolite/js/gogo-js/vertical-navigation-modernizr.js?ver=
hunk-companion/gogolite/js/gogo-js/vertical-navigation-main.js?ver=
hunk-companion/gogolite/js/gogo-js/wow.min.js?ver=
hunk-companion/gogolite/js/gogo-js/custom.js?ver=
hunk-companion/almaira-shop/assets/css/owl.carousel.css?ver=
hunk-companion/almaira-shop/assets/css/swiper.css?ver=
hunk-companion/almaira-shop/assets/js/swiper.js?ver=
hunk-companion/almaira-shop/assets/js/almaira-custom.js?ver=
hunk-companion/open-shop/assets/js/jssor.slider.min.js?ver=
hunk-companion/open-shop/assets/js/custom.js?ver=
hunk-companion/open-shop/open-shop-admin/woo/js/woocommerce.js?ver=
hunk-companion/portfoliolite/admin/css/customizer.css?ver=
hunk-companion/portfoliolite/admin/js/customizer.js?ver=
hunk-companion/th-shop-mania/assets/css/th-sm-customizer.css?ver=
hunk-companion/th-shop-mania/assets/js/th-sm-customizer.js?ver=
hunk-companion/th-shop-mania/assets/js/th-sm-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
gogolite
JS Globals
frontendajaxopen_shop