
LH Tools Security & Risk Analysis
wordpress.org/plugins/lh-tools
LH Tools is a WordPress plugin that enables a SPARQL endpoint for WordPress sites. This will enable semantic querying of WordPress data.
Is LH Tools Safe to Use in 2026?
Generally Safe
Score 85/100
LH Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "lh-tools" plugin v0.15 presents a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and having no known CVEs, significant concerns arise from its static analysis. The complete absence of nonce checks and capability checks, coupled with the presence of the `exec` dangerous function and unsanitized path taint flows, creates potential avenues for malicious exploitation. The fact that 100% of its outputs are not properly escaped is also a serious weakness, potentially leading to Cross-Site Scripting (XSS) vulnerabilities. The plugin has no recorded vulnerability history, which is a positive sign, but this cannot fully mitigate the risks identified in the current code. The limited attack surface and zero unprotected entry points are commendable, but the identified code signals and taint analysis suggest that if an attacker could find a way to trigger these flaws, the impact could be severe.
Key Concerns
- Dangerous function `exec` found
- Unsanitized path taint flows found (2 high severity)
- No nonce checks present
- No capability checks present
- 0% output properly escaped
- 2 file operations found
- 2 external HTTP requests found
LH Tools Security Vulnerabilities
LH Tools Release Timeline
LH Tools Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
LH Tools Attack Surface
Shortcodes 2
WordPress Hooks 8
Scheduled Events 1
Maintenance & Trust
LH Tools Maintenance & Trust
Maintenance Signals
Community Trust
LH Tools Alternatives
LH RDF
lh-rdf
This plugin publishes your weblog as RDF in multiple formats (xml, turtle, json etc). Mapping WordPress objects to the major ontologies.
LH Relationships
lh-relationships
This plugin allows the creation and publishing of triple relationships in RDF format.
PoolParty Thesaurus
poolparty-thesaurus
PoolParty plugin makes websites more understandable. Blogs benefit from linking posts with key terms automatically. The plugin uses SKOS vocabularies
Disable REST API
disable-json-api
Disable the use of the REST API on your website to site users. Now with User Role support!
JWT Authentication for WP REST API
jwt-authentication-for-wp-rest-api
Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
LH Tools Developer Profile
89 plugins · 15K total installs
How We Detect LH Tools
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/lh-tools/arc/js/arc.js
- /wp-content/plugins/lh-tools/arc/js/arc.min.js
- /wp-content/plugins/lh-tools/css/lh-tools.css
- /wp-content/plugins/lh-tools/js/lh-tools.js
HTML / DOM Fingerprints
- rdf-tools
- form-item

- == Changelog ==
- License:
- Copyright 2011 Peter Shaw (email : pete@localhero.biz)
- This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

- name="store_setup"
- id="store_setup"
- name="store_reset"
- id="store_reset"
- name="store_drop"
- id="store_drop"

- rdf_tools_get_token
- rdf_tools_handle_options_submit
- rdf_tools_get_store_options_fields
- lh_tools_get_lh_rdf_get_link
- lh_rdf_get_link
- rdf_tools_get_endpoint_options_fields

- /wp-json/lh-tools/