Does Version Hopper have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Version Hopper compatible with WordPress 6.9.4?

According to WordPress.org data, Version Hopper 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Version Hopper compatible with PHP 7.4+?

Version Hopper requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Version Hopper updated?

Version Hopper was last updated on Dec 8, 2025. Frequent updates are generally a positive security signal.

What is Version Hopper's security score?

Version Hopper has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Version Hopper Security & Risk Analysis

wordpress.org/plugins/version-hopper

Easily switch between versions of your WordPress plugins and themes directly from the admin dashboard.

0 active installs v1.0.1 PHP 7.4+ WP 6.5+ Updated Dec 8, 2025

downgradeplugin-versionrollbackthemesupdate

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Version Hopper Safe to Use in 2026?

Generally Safe

Score 100/100

Version Hopper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "version-hopper" plugin v1.0.1 presents a mixed security profile. On the positive side, the plugin demonstrates good coding practices by utilizing prepared statements for all SQL queries, properly escaping all outputs, and including nonce and capability checks in its code. The absence of file operations, external HTTP requests, and critical or high-severity taint flows is also encouraging. The plugin also has no recorded vulnerability history, suggesting a history of secure development.

However, a significant concern arises from the plugin's attack surface. It exposes one AJAX handler that lacks authentication checks. This unprotected entry point is a critical risk, as it could potentially be exploited by unauthenticated users to perform unintended actions or disrupt functionality. While the static analysis did not reveal specific vulnerabilities stemming from this, the mere existence of an unprotected AJAX handler significantly increases the potential for future exploits, especially if it interacts with sensitive data or functionality.

In conclusion, while the "version-hopper" plugin v1.0.1 adheres to several security best practices, the presence of an unprotected AJAX handler is a notable weakness that requires immediate attention. The otherwise clean codebase and lack of historical vulnerabilities are strengths, but they are overshadowed by this single, but critical, security flaw.

Key Concerns

AJAX handler without auth checks

Vulnerabilities

None known

Version Hopper Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Version Hopper Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Version Hopper Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped11 total outputs

Attack Surface

1 unprotected

Version Hopper Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_vhversionhopper_apply_packageincludes\class-version-hopper.php:134

WordPress Hooks 3

actionadmin_enqueue_scriptsincludes\class-version-hopper.php:127

actionadmin_enqueue_scriptsincludes\class-version-hopper.php:128

actionadmin_menuincludes\class-version-hopper.php:132

Maintenance & Trust

Version Hopper Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 8, 2025

PHP min version7.4

Downloads248

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Version Hopper Alternatives

PlugVersions – Easily roll back to previous versions of your plugins.

plugversions

Retains up to three versions when you update a plugin. It works with premium and custom plugins too.

1K 1 CVE

WP Rollback – Rollback Plugins and Themes

wp-rollback

Rollback (or forward) any WordPress.org plugin, theme, or block like a boss.

300K 2 CVEs

WP Downgrade | Specific Core Version

wp-downgrade

Automatically downgrad or update to any WordPress version you want directly from the backend.

100K 1 CVE

Advanced Automatic Updates

automatic-updater

Adds extra options to WordPress' built-in Automatic Updates feature.

30K No CVEs

Core Rollback

core-rollback

100

Seamless rollback of WordPress Core to latest release or any outdated, secure release using the Core Update API and core update methods.

10K No CVEs

Developer Profile

Version Hopper Developer Profile

Sajjad Hossain Sagor

34 plugins · 10K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

139 days

View full developer profile

Detection Fingerprints

How We Detect Version Hopper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/version-hopper/admin/css/admin.css/wp-content/plugins/version-hopper/admin/js/admin.js

Script Paths

/wp-content/plugins/version-hopper/admin/js/admin.js

Version Parameters

version-hopper/admin/css/admin.css?ver=version-hopper/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

vhversionhopper_hopper

JS Globals

VersionHopper

FAQ