Does MW WP Hacks have any unpatched vulnerabilities?

No. All known vulnerabilities in MW WP Hacks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MW WP Hacks compatible with WordPress 4.1.0?

According to WordPress.org data, MW WP Hacks 1.4.0 has been tested up to WordPress 4.1.0. Check the plugin's changelog for the latest compatibility information.

How often is MW WP Hacks updated?

MW WP Hacks was last updated on Feb 18, 2015. Frequent updates are generally a positive security signal.

What is MW WP Hacks's security score?

MW WP Hacks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MW WP Hacks Security & Risk Analysis

wordpress.org/plugins/mw-wp-hacks

MW WP Hacks is plugin to help with development in WordPress.

60 active installs v1.4.0 PHP + WP 3.6+ Updated Feb 18, 2015

hacksetting

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is MW WP Hacks Safe to Use in 2026?

Generally Safe

Score 85/100

MW WP Hacks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "mw-wp-hacks" plugin v1.4.0 demonstrates a generally good security posture in several key areas, including the absence of known vulnerabilities and a high percentage of properly escaped output. The fact that there are no recorded CVEs, critical or high severity vulnerabilities, or common vulnerability types suggests a diligent approach to security by the developers.

However, there are notable areas for concern. The plugin has one AJAX handler that lacks authentication checks, creating a direct attack vector. While the static analysis did not reveal any dangerous functions, SQL injection possibilities, or unsanitized taint flows, the unprotected AJAX endpoint represents a significant weakness. The absence of nonce checks on this entry point further exacerbates the risk, as it could be exploited by attackers to trigger actions without proper user authorization.

Despite the lack of historical vulnerabilities, the presence of an unprotected AJAX handler is a critical finding that warrants attention. The plugin's strengths lie in its minimal attack surface outside of this one handler and its robust output escaping. The weakness, however, is a single, but potent, unauthenticated entry point.

Key Concerns

Unprotected AJAX handler
Missing nonce check on AJAX handler

Vulnerabilities

None known

MW WP Hacks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

MW WP Hacks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

294 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

95% escaped311 total outputs

Attack Surface

1 unprotected

MW WP Hacks Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_query-attachmentsmw-wp-hacks.php:110

Shortcodes 1

[local_nav] mw-wp-hacks.php:178

WordPress Hooks 36

actionadmin_initclasses\class.abstract-setting.php:37

actioninitclasses\class.manage-custom-post-type.php:25

actionright_now_content_table_endclasses\class.manage-custom-post-type.php:28

filterdashboard_glance_itemsclasses\class.manage-custom-post-type.php:29

actionadmin_print_stylesclasses\class.manage-custom-post-type.php:30

actioninitclasses\class.manage-custom-post-type.php:33

actionadmin_menuclasses\class.mw-wp-hacks-admin.php:19

actionadmin_enqueue_scriptsclasses\class.mw-wp-hacks-admin.php:33

actionadmin_headclasses\class.setting-ogp.php:90

actionsave_postclasses\class.setting-ogp.php:91

actionadmin_enqueue_scriptsclasses\class.setting-ogp.php:92

filteruser_contactmethodsclasses\class.setting-social.php:20

actionprofile_updateclasses\class.setting-social.php:21

actionplugins_loadedmw-wp-hacks.php:33

actionafter_setup_thememw-wp-hacks.php:63

actionpre_get_postsmw-wp-hacks.php:109

actionpre_get_postsmw-wp-hacks.php:113

filterimg_caption_shortcodemw-wp-hacks.php:116

actionwp_terms_checklist_argsmw-wp-hacks.php:119

actionadmin_headmw-wp-hacks.php:122

filteradmin_post_thumbnail_htmlmw-wp-hacks.php:125

filterwp_titlemw-wp-hacks.php:128

actionwp_headmw-wp-hacks.php:134

filterwp_trim_excerptmw-wp-hacks.php:138

filterexcerpt_moremw-wp-hacks.php:141

filterpre_get_postsmw-wp-hacks.php:144

actionwp_headmw-wp-hacks.php:149

actiontransition_post_statusmw-wp-hacks.php:152

filterwp_footermw-wp-hacks.php:156

actionwp_headmw-wp-hacks.php:159

actionwp_headmw-wp-hacks.php:160

actionwidgets_initmw-wp-hacks.php:166

actiontemplate_redirectmw-wp-hacks.php:169

actiontemplate_redirectmw-wp-hacks.php:172

actionadmin_headmw-wp-hacks.php:173

actionpre_get_postsmw-wp-hacks.php:176

Maintenance & Trust

MW WP Hacks Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.0

Last updatedFeb 18, 2015

PHP min version

Downloads4K

Community Trust

Rating80/100

Number of ratings2

Active installs60

Alternatives

MW WP Hacks Alternatives

One Click Demo Import

one-click-demo-import

Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.

1.0M 2 CVEs

CMB2

cmb2

CMB2 is a metabox, custom fields, and forms library for WordPress that will blow your mind.

300K 1 CVE

OptionTree

option-tree

Theme Options UI Builder for WordPress. A simple way to create & save Theme Options and Meta Boxes for free or premium themes.

60K 5 CVEs

Import / Export Customizer Settings

astra-import-export

100

Astra theme customizer offers several settings for header/footer layout, sidebar and blog designs, colors, backgrounds, typography and much more.

50K 1 CVE

Astra Bulk Edit

astra-bulk-edit

100

An easy-to-use plugin for the Astra theme that lets you edit Page Meta Settings for multiple pages/posts at once.

30K 1 CVE

Developer Profile

MW WP Hacks Developer Profile

Takashi Kitajima

11 plugins · 331K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

122 days

View full developer profile

Detection Fingerprints

How We Detect MW WP Hacks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mw-wp-hacks/classes/../css/mw-wp-hacks.css/wp-content/plugins/mw-wp-hacks/classes/../js/mw-wp-hacks.js

Script Paths

/wp-content/plugins/mw-wp-hacks/classes/class.config.php/wp-content/plugins/mw-wp-hacks/classes/class.mw-wp-hacks-admin.php/wp-content/plugins/mw-wp-hacks/classes/class.abstract-setting.php/wp-content/plugins/mw-wp-hacks/classes/class.setting-general.php/wp-content/plugins/mw-wp-hacks/classes/class.setting-description.php/wp-content/plugins/mw-wp-hacks/classes/class.setting-excerpt.php+14 more

Version Parameters

mw-wp-hacks/css/mw-wp-hacks.css?ver=mw-wp-hacks/js/mw-wp-hacks.js?ver=

HTML / DOM Fingerprints

Shortcode Output

[local_nav]

FAQ