LH RDF Security & Risk Analysis

wordpress.org/plugins/lh-rdf

This plugin publishes your weblog as RDF in multiple formats (XML, Turtle, JSON, etc.), mapping WordPress objects to the major ontologies.

10 active installs · v1.21 · PHP + · WP 3.0+ · Updated Aug 21, 2015
Tags: feed, feeds, localhero, rdf, sioc
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is LH RDF Safe to Use in 2026?

Generally Safe

Score 85/100

LH RDF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "lh-rdf" plugin v1.21 exhibits a mixed security posture. On the positive side, it exposes no attack surface through common entry points such as AJAX handlers, REST API routes, shortcodes, and cron events, and it has no known CVEs or past vulnerabilities. This suggests a potentially well-hardened plugin against external exploitation vectors. However, the static analysis reveals significant internal code concerns. The presence of dangerous functions like `exec`, `proc_open`, and `unserialize` is a major red flag, indicating potential for arbitrary code execution if user-supplied data is not meticulously validated before being passed to these functions. Furthermore, the low rate of properly escaped output (23%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into pages viewed by other users. While taint analysis found no critical or high severity flows, the single flow with an unsanitized path warrants attention given the presence of dangerous functions. The lack of nonce checks and the limited capability checks also contribute to potential security weaknesses.

Key Concerns

  • Presence of dangerous functions (exec, proc_open, unserialize)
  • Low output escaping rate (23%)
  • Lack of nonce checks
  • Limited capability checks (2)
  • Taint flow with unsanitized path
  • SQL queries not using prepared statements (25%)
Vulnerabilities
None known

LH RDF Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

LH RDF Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

LH RDF Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 1 (3 prepared)
Unescaped Output: 40 (12 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 8
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • exec: `$result = exec("$rapperCmd --version 2>/dev/null", $output, $status);` (library/EasyRdf/Parser/Rapper.php:59)
  • exec: `$result = exec("$rapperCmd --version 2>/dev/null", $output, $status);` (library/EasyRdf/Serialiser/Rapper.php:60)
  • proc_open: `$process = proc_open($fullCommand, $descriptorspec, $pipes, $dir);` (library/EasyRdf/Utils.php:258)
  • unserialize: `return unserialize(serialize($value));` (library/php-json-ld.php:1939)

SQL Query Safety

75% prepared · 4 total queries

Output Escaping

23% escaped · 52 total outputs
Data Flows · Security: 1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
<lh-rdf> (lh-rdf.php:0)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

LH RDF Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
  • action · init · lh-rdf.php:498
  • action · template_redirect · lh-rdf.php:499
  • action · wp_head · lh-rdf.php:500
  • filter · query_vars · lh-rdf.php:501
  • action · parse_query · lh-rdf.php:502
  • filter · image_downsize · library/object-handlers.php:60
  • filter · lh_rdf_nodes · library/relationships.php:439
  • filter · lh_rdf_graph · library/relationships.php:440
  • filter · lh_rdf_namespaces · library/relationships.php:441
  • action · admin_menu · library/relationships.php:442
  • filter · plugin_action_links · library/relationships.php:443
Maintenance & Trust

LH RDF Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Aug 21, 2015
PHP min version
Downloads: 4K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 10
Developer Profile

LH RDF Developer Profile

shawfactor

89 plugins · 15K total installs

Trust score: 90
Avg Security Score: 85/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect LH RDF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/lh-rdf/context/content/visualizer.css
/wp-content/plugins/lh-rdf/context/content/visualizer-skin.css
/wp-content/plugins/lh-rdf/context/content/visualizer-ie6.css
/wp-content/plugins/lh-rdf/context/scripts/visualizer_compiled_min.js
/wp-content/plugins/lh-rdf/context/example/example_schema.json
Script Paths
/wp-content/plugins/lh-rdf/context/scripts/visualizer_compiled_min.js
Version Parameters
visualizer_compiled_min.js?foo=bar

HTML / DOM Fingerprints

HTML Comments
  • Visualizer CSS files
  • Visualizer IE6 CSS file
  • Visualizer release version script include file
  • Visualizer example code
  • +3 more
Data Attributes
visualizer_canvas · id="visualizer_canvas"
JS Globals
VisualizerApp · app