Does Hypotext have any unpatched vulnerabilities?

Yes — Hypotext currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Hypotext compatible with WordPress 5.7.15?

According to WordPress.org data, Hypotext 1.0.1 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is Hypotext updated?

Hypotext was last updated on Apr 6, 2021. Frequent updates are generally a positive security signal.

What is Hypotext's security score?

Hypotext has a WP-Safety security score of 64/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hypotext Security & Risk Analysis

wordpress.org/plugins/hypotext

Click to expand hidden content within your article.

60 active installs v1.0.1 PHP + WP 3.0.1+ Updated Apr 6, 2021

articlecontenteditinghiddenhypotext

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 1, 2025

Download

Safety Verdict

Is Hypotext Safe to Use in 2026?

Use With Caution

Score 64/100

Hypotext has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 1, 2025Updated 4yr ago

Risk Assessment

The hypotext plugin v1.0.1 exhibits a mixed security posture. On the positive side, the static analysis reveals excellent coding practices in several key areas. All SQL queries are properly prepared, all output is correctly escaped, and there are no identified dangerous functions, file operations, or external HTTP requests. Furthermore, the plugin has a minimal attack surface with only one shortcode and no AJAX handlers or REST API routes that appear unprotected. Taint analysis shows no concerning flows. However, a significant concern is the presence of a known, unpatched medium severity vulnerability from April 2025. This suggests a potential for cross-site scripting, and the fact that it's unpatched is a direct risk to users. The lack of nonce and capability checks across the board, while seemingly acceptable given the limited attack surface, is a general weakness that could become a larger issue if the plugin's functionality or attack surface were to expand in the future without corresponding security enhancements.

Key Concerns

Unpatched medium severity CVE
0 Nonce checks
0 Capability checks

Vulnerabilities

Hypotext Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-31761medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hypotext <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Hypotext Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Hypotext Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[hypotext] hypotext.php:61

WordPress Hooks 2

actionwp_enqueue_scriptshypotext.php:57

actionwp_enqueue_scriptshypotext.php:59

Maintenance & Trust

Hypotext Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedApr 6, 2021

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs60

Alternatives

Hypotext Alternatives

Automatik Blog

automatik-blog

A plugin for integration with Automatik Blog, allowing automated publishing of SEO-optimized articles via REST API.

1K No CVEs

Outrank

outrank

100

Outrank automatically creates and publishes SEO-optimized articles to your WordPress site as blog posts or drafts.

1K No CVEs

GetAutoSEO AI Tool

getautoseo-ai-content-publisher

100

Automate your SEO content creation and publishing with AI-powered tools. Generate high-quality articles and publish directly to WordPress.

700 No CVEs

Kafkai – AI Writer Plugin

kafkai

Plugin to generate and import articles from Kafkai. Learn more in the Help Article

400 No CVEs

Secret Content

secret-content

Easily mark any post or a page as "for logged in members only", hiding it from public view! (not for custom post types).

200 No CVEs

Developer Profile

Hypotext Developer Profile

DEJAN

3 plugins · 80 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hypotext

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hypotext/css/hypotext.css/wp-content/plugins/hypotext/js/hypotext.js

Script Paths

/wp-content/plugins/hypotext/js/hypotext.js

Version Parameters

hypotext.css?ver=hypotext.js?ver=

HTML / DOM Fingerprints

CSS Classes

hypotexthypotext-anchor-hypotext-contenthypotext-content-closedclose

Data Attributes

id="hypotext-anchor-rel="hypotext-content-class="hypotext closed"class="hypotext-content hypotext-content-rel="hypotext-anchor-class="hypotext closed close"

Shortcode Output

<a href="#" id="hypotext-anchor-<div class="hypotext-content hypotext-content-<a href="#" class="hypotext closed close" rel="hypotext-content-

FAQ