Does Hurrakify have any unpatched vulnerabilities?

No. All known vulnerabilities in Hurrakify have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Hurrakify compatible with WordPress 6.9.4?

According to WordPress.org data, Hurrakify 8.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Hurrakify updated?

Hurrakify was last updated on Nov 28, 2025. Frequent updates are generally a positive security signal.

What is Hurrakify's security score?

Hurrakify has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hurrakify Security & Risk Analysis

wordpress.org/plugins/hurrakify

Hurrakify adds tooltips in Plain Language to your blog articles.

80 active installs v8.0.1 PHP + WP 2.0.2+ Updated Nov 28, 2025

bitveasy-to-readleichte-spracheworterbuchwiki

A · Safe

CVEs total1

Unpatched0

Last CVEDec 11, 2024

Plugin page Download

Safety Verdict

Is Hurrakify Safe to Use in 2026?

Generally Safe

Score 98/100

Hurrakify has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 11, 2024Updated 4mo ago

Risk Assessment

The 'hurrakify' plugin v8.0.1 presents a mixed security posture. While it shows strengths in its handling of SQL queries and output escaping, significant concerns arise from its unprotected entry points. The presence of two AJAX handlers without authentication checks creates a direct attack surface, allowing potentially unauthorized actions. Furthermore, the taint analysis reveals two flows with unsanitized paths, although these did not escalate to critical or high severity vulnerabilities in this scan. The plugin's vulnerability history, though currently clear of unpatched issues, does indicate a past high-severity vulnerability related to Server-Side Request Forgery (SSRF), suggesting a pattern of potential weaknesses that require ongoing vigilance. Despite good practices in some areas, the unprotected AJAX endpoints are a notable security risk that needs immediate attention.

Key Concerns

AJAX handlers without authentication checks
Flows with unsanitized paths found
No nonce checks on entry points
No capability checks on entry points
Past high-severity SSRF vulnerability

Vulnerabilities

Hurrakify Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2024-54330high · 7.2Server-Side Request Forgery (SSRF)

Hurrakify <= 2.4 - Unauthenticated Server-Side Request Forgery

Dec 11, 2024 Patched in 8.0.1 (9d)

Code Analysis

Analyzed Mar 16, 2026

Hurrakify Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

92% escaped12 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

hurraki_tooltip_proxy (hurrakify.php:24)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Hurrakify Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_hurraki_tooltip_proxyhurrakify.php:21

noprivwp_ajax_hurraki_tooltip_proxyhurrakify.php:22

WordPress Hooks 8

actionadmin_menuhurrakify.php:16

actionadmin_inithurrakify.php:17

actionactivated_pluginhurrakify.php:18

actionwp_enqueue_scriptshurrakify.php:20

actionplugins_loadedhurrakify.php:98

actionwp_headhurrakify.php:137

filterthe_contenthurrakify.php:199

actionhurrakify_weekly_update_checkhurrakify.php:221

Scheduled Events 1

hurrakify_weekly_update_check

Maintenance & Trust

Hurrakify Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 28, 2025

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs80

Alternatives

Hurrakify Alternatives

BuddyPress Docs

buddypress-docs

Adds collaborative Docs to BuddyPress.

7K 3 CVEs

weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot

wedocs

Build AI-powered documentation hub with knowledge base, docs, wiki tools and chatbot support with weDocs, built by weDevs with 13 years of innovation.

4K 5 CVEs

Knowledge Base documentation & wiki plugin – BasePress Docs

basepress

Easily create & manage documentation. Reduce support tickets & scale your customer support workload. This simple plugin works with any theme.

2K 4 CVEs

EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder

eazydocs

Build professional knowledge bases with unlimited docs, drag-and-drop editor, live search, and SEO optimization.

2K 9 CVEs

Yada Wiki

yada-wiki

Yada Wiki is a simple wiki for your WordPress site.

2K 2 CVEs

Developer Profile

Hurrakify Developer Profile

hurraki

1 plugin · 80 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

9 days

View full developer profile

Detection Fingerprints

How We Detect Hurrakify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hurrakify/lib/tooltipster/css/tooltipster.css/wp-content/plugins/hurrakify/lib/tooltipster/js/jquery.tooltipster.js/wp-content/plugins/hurrakify/javascript/hurraki_tooltip_script.js

Script Paths

/wp-content/plugins/hurrakify/lib/tooltipster/js/jquery.tooltipster.js/wp-content/plugins/hurrakify/javascript/hurraki_tooltip_script.js

Version Parameters

hurrakify/lib/tooltipster/css/tooltipster.css?ver=hurrakify/lib/tooltipster/js/jquery.tooltipster.js?ver=hurrakify/javascript/hurraki_tooltip_script.js?ver=

HTML / DOM Fingerprints

CSS Classes

hurraki_tooltip

Data Attributes

data-title

JS Globals

hurraki_tooltiphurraki

REST Endpoints

/wp-json/hurraki_tooltip_proxy

FAQ