Does Neve Hooks have any unpatched vulnerabilities?

No. All known vulnerabilities in Neve Hooks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Neve Hooks compatible with WordPress 5.5.18?

According to WordPress.org data, Neve Hooks 1.0.1 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

Is Neve Hooks compatible with PHP 5.6+?

Neve Hooks requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Neve Hooks updated?

Neve Hooks was last updated on Aug 14, 2020. Frequent updates are generally a positive security signal.

What is Neve Hooks's security score?

Neve Hooks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Neve Hooks Security & Risk Analysis

wordpress.org/plugins/neve-hooks

Easily add your own content in Neve using the Hooks panel in customizer.

400 active installs v1.0.1 PHP 5.6+ WP 4.0+ Updated Aug 14, 2020

customizer-hooksneve-hooksneve-theme

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Neve Hooks Safe to Use in 2026?

Generally Safe

Score 85/100

Neve Hooks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

Based on the static analysis, the neve-hooks v1.0.1 plugin exhibits a very strong initial security posture. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the complete absence of dangerous functions, file operations, and external HTTP requests, along with the exclusive use of prepared statements for SQL queries, indicates good development practices in these areas.

A significant concern arises from the output escaping analysis. With one total output and 0% properly escaped, any data rendered by this plugin is highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. This is a critical oversight as it can allow attackers to inject malicious scripts into the user interface, potentially leading to session hijacking, phishing, or defacement.

The vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting that the plugin has not been associated with known security flaws in the past. However, the lack of historical vulnerabilities doesn't negate the critical XSS risk identified in the static analysis. The plugin's strengths lie in its minimal attack surface and secure SQL handling, but the severe lack of output escaping presents a clear and present danger.

Key Concerns

All outputs are unescaped

Vulnerabilities

None known

Neve Hooks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Neve Hooks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped1 total outputs

Attack Surface

Neve Hooks Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actioncustomize_registerincludes\neve-hooks-customizer.php:38

actionafter_setup_themeneve-hooks.php:32

actioninitneve-hooks.php:43

Maintenance & Trust

Neve Hooks Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedAug 14, 2020

PHP min version5.6

Downloads9K

Community Trust

Rating100/100

Number of ratings2

Active installs400

Alternatives

Neve Hooks Alternatives

Astra Hooks

astra-hooks

100

Add your content to Hooks in the Astra theme from the customizer.

20K No CVEs

Developer Profile

Neve Hooks Developer Profile

Themeisle

37 plugins · 2.2M total installs

trust score

Avg Security Score

96/100

Avg Patch Time

420 days

View full developer profile

Detection Fingerprints

How We Detect Neve Hooks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/neve-hooks/assets/css/frontend.css/wp-content/plugins/neve-hooks/assets/js/frontend.js

Script Paths

/wp-content/plugins/neve-hooks/assets/js/frontend.js

Version Parameters

neve-hooks/assets/css/frontend.css?ver=neve-hooks/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

FAQ