PlaceHodor Security & Risk Analysis
wordpress.org/plugins/placehodorSubstitute/replace missing images by a default image. The plugin will (try to) display/generate the good size (width and height) of the missing image.
Is PlaceHodor Safe to Use in 2026?
Generally Safe
Score 100/100PlaceHodor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'placehodor' plugin v1.4.0 exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits the plugin's attack surface. Furthermore, the code analysis reveals no dangerous functions, no raw SQL queries, and no taint flows with unsanitized paths, indicating robust coding practices in these critical areas. The presence of nonce and capability checks, along with a high percentage of properly escaped output, further strengthens its security. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a consistent track record of security. However, the plugin does make two external HTTP requests, which, while not inherently a vulnerability, represent an area where security could be further scrutinized for potential risks if the external endpoints are compromised or misconfigured. The lack of any previously recorded vulnerabilities is a positive indicator of diligent security maintenance, but continuous vigilance is always recommended. Overall, 'placehodor' appears to be a secure plugin, with its primary potential for concern stemming from the external HTTP requests.
Key Concerns
- External HTTP requests found
- Output escaping not 100%
PlaceHodor Security Vulnerabilities
PlaceHodor Code Analysis
Output Escaping
Data Flow Analysis
PlaceHodor Attack Surface
WordPress Hooks 17
Maintenance & Trust
PlaceHodor Maintenance & Trust
Maintenance Signals
Community Trust
PlaceHodor Alternatives
Media Placeholders
media-placeholders
Redirect requests to non-existent uploaded images to a placeholder service like placehold.it or placekitten.com. For use during development.
All 404 Redirect to Homepage
all-404-redirect-to-homepage
Using this plugin, you can fix all 404 error links by redirecting them to homepage using the SEO 301 redirection. Improve your SEO rank & pages speed
Recent Posts Widget With Thumbnails
recent-posts-widget-with-thumbnails
List the most recent posts with post titles, thumbnails, excerpts, authors, categories, dates and more!
Auto Featured Image (Auto Post Thumbnail)
auto-post-thumbnail
Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.
Quick Featured Images
quick-featured-images
The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.
PlaceHodor Developer Profile
4 plugins · 180 total installs
How We Detect PlaceHodor
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/placehodor/build/style-index.css/wp-content/plugins/placehodor/build/index.js/wp-content/plugins/placehodor/build/index.jsplacehodor/build/style-index.css?ver=placehodor/build/index.js?ver=HTML / DOM Fingerprints
<!-- placehodor settings --><!-- PlaceHodor settings -->data-placehodor-imagedata-placehodor-typedata-placehodor-datawindow.placehodor_params