LH Profile Page Security & Risk Analysis
wordpress.org/plugins/lh-profile-pageLH Profile Page is a WordPress plugin that enables users to change their user data on the front end of the website
Is LH Profile Page Safe to Use in 2026?
Generally Safe
Score 85/100LH Profile Page has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "lh-profile-page" plugin version 1.2 exhibits a generally good security posture with no known vulnerabilities or critical issues identified in the static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are all positive indicators. The plugin also demonstrates good practice by incorporating nonce and capability checks, suggesting an effort to secure its entry points.
However, a notable concern is the low percentage of properly escaped output. With only 30% of the 10 identified outputs being properly escaped, this presents a potential risk for cross-site scripting (XSS) vulnerabilities. While the attack surface is small and no unauthenticated entry points were found, unescaped output is a common vector for attackers to inject malicious scripts. The plugin's vulnerability history is clean, which is a strong positive, but the presence of unescaped output means this could be an area where vulnerabilities might emerge if not addressed.
In conclusion, the plugin has a solid foundation with no immediate critical flaws detected. The primary area requiring attention is the output escaping. Addressing this weakness will significantly improve the plugin's overall security and mitigate the risk of XSS attacks, even in the absence of past vulnerabilities.
Key Concerns
- Low percentage of properly escaped output
LH Profile Page Security Vulnerabilities
LH Profile Page Code Analysis
Output Escaping
LH Profile Page Attack Surface
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
LH Profile Page Maintenance & Trust
Maintenance Signals
Community Trust
LH Profile Page Alternatives
JSM Show User Metadata
jsm-show-user-meta
Show user metadata in a metabox when editing users - a great tool for debugging issues with user metadata.
WP Frontend Profile
wp-front-end-profile
WP Frontend Profile allows users to edit/view their profile and register/login without going into the dashboard to do so.
BP XProfile Shortcode
bp-xprofile-shortcode
Adds Shortcode for BuddyPress XProfile data
One User Avatar | User Profile Picture
one-user-avatar
Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.
Simple Local Avatars
simple-local-avatars
Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!
LH Profile Page Developer Profile
77 plugins · 15K total installs
How We Detect LH Profile Page
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/lh-profile-page/assets/lh-profile-page.js/wp-content/plugins/lh-profile-page/assets/lh-profile-page.jslh-profile-page/style.css?ver=lh-profile-page.js?ver=HTML / DOM Fingerprints
login-field<!--[if lt IE 10]><br/><label for="lh_profile_page-users-display_name">Display Name</label><br/>--><!--[if lt IE 10]><br/><label for="lh_profile_page-users-user_email">Email</label><br/>--><!--[if lt IE 10]><br/><label for="lh_profile_page-usermeta-description">About Me</label><br/>--><!--[if lt IE 10]><br/><label for="lh_profile_page-taxonomy-category">Categories</label><br/>-->+29 moreid="lh_profile_page-users-display_name"id="lh_profile_page-users-user_email"id="lh_profile_page-usermeta-description"id="lh_profile_page-taxonomy-category"id="lh_profile_page-usermeta-billing_phone"id="lh_profile_page-usermeta-billing_address_1"+26 morewindow.lh_profile_page-update-resultvar lh_profile_page_noncevar lh_profile_page_nonce<form method="post" id="lh-profile-page-form" action="