Does XML for Hotline have any unpatched vulnerabilities?

No. All known vulnerabilities in XML for Hotline have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is XML for Hotline compatible with WordPress 6.6.5?

According to WordPress.org data, XML for Hotline 1.3.7 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is XML for Hotline compatible with PHP 7.4.0+?

XML for Hotline requires PHP 7.4.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is XML for Hotline updated?

XML for Hotline was last updated on Dec 15, 2024. Frequent updates are generally a positive security signal.

What is XML for Hotline's security score?

XML for Hotline has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

XML for Hotline Security & Risk Analysis

wordpress.org/plugins/xml-for-hotline

Creates a XML-feed to upload to Hotline.ua.

100 active installs v1.3.7 PHP 7.4.0+ WP 4.5+ Updated Dec 15, 2024

exporthotlinemarketwoocommercexml

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is XML for Hotline Safe to Use in 2026?

Generally Safe

Score 92/100

XML for Hotline has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "xml-for-hotline" plugin v1.3.7 presents a mixed security posture. While it exhibits good practices like using prepared statements for all SQL queries and having no recorded CVEs or bundled libraries, significant concerns arise from its static analysis. The presence of 7 dangerous function calls, particularly 'unserialize', and a high percentage of unsanitized paths in taint analysis (4 out of 4 flows) are critical red flags. Furthermore, one AJAX handler lacks authentication, creating an exploitable entry point.

Key Concerns

Unprotected AJAX handler
High taint flow with unsanitized paths
Dangerous function 'unserialize' used
Low output escaping percentage

Vulnerabilities

None known

XML for Hotline Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

XML for Hotline Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$xfhu_allow_group_id_arr = unserialize(xfhu_optionGET('xfhu_allow_group_id_arr', $feed_id));export.php:138

unserialize$params_arr = unserialize(xfhu_optionGET('xfhu_params_arr', $feed_id));export.php:156

unserialize$xfhu_delivery_arr = unserialize($xfhu_delivery_arr);export.php:594

unserialize$xfhu_delivery_arr = unserialize( $xfhu_delivery_arr );offer.php:31

unserialize$xfhu_allow_group_id_arr = unserialize( xfhu_optionGET( 'xfhu_allow_group_id_arr', $feed_id ) );offer.php:489

unserialize$params_arr = unserialize( xfhu_optionGET( 'xfhu_params_arr', $feed_id ) );offer.php:699

unserialize$params_arr = unserialize( xfhu_optionGET( 'xfhu_params_arr', $feed_id ) );offer.php:970

SQL Query Safety

100% prepared2 total queries

Output Escaping

32% escaped146 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

xfhu_export_page (export.php:2)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

XML for Hotline Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_xfhu_close_pointerxml-for-hotline.php:258

WordPress Hooks 24

actionadmin_footerclasses\system\class-xfhu-settings-feed-wp-list-table.php:15

actionadmin_footerclasses\system\class-xfhu-wp-list-table.php:11

filterpre_site_transient_update_pluginsdebug.php:5

actionadmin_noticesxml-for-hotline.php:34

actionadmin_noticesxml-for-hotline.php:54

actionbefore_woocommerce_initxml-for-hotline.php:58

actionplugins_loadedxml-for-hotline.php:130

actionadmin_menuxml-for-hotline.php:252

actionadmin_enqueue_scriptsxml-for-hotline.php:255

filterplugin_action_linksxml-for-hotline.php:256

actionadmin_print_footer_scriptsxml-for-hotline.php:257

filterupload_mimesxml-for-hotline.php:261

filtercron_schedulesxml-for-hotline.php:262

actionxfhu_cron_sborkixml-for-hotline.php:264

actionxfhu_cron_periodxml-for-hotline.php:265

actionsave_postxml-for-hotline.php:269

filterwoocommerce_product_data_tabsxml-for-hotline.php:274

actionadmin_footerxml-for-hotline.php:275

actionwoocommerce_product_data_panelsxml-for-hotline.php:276

actionwoocommerce_process_product_metaxml-for-hotline.php:277

actionadmin_noticesxml-for-hotline.php:279

actionadmin_initxml-for-hotline.php:282

actioninitxml-for-hotline.php:296

filterpre_site_transient_update_pluginsxml-for-hotline.php:336

Scheduled Events 4

xfhu_cron_period

xfhu_cron_sborki

Maintenance & Trust

XML for Hotline Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedDec 15, 2024

PHP min version7.4.0

Downloads5K

Community Trust

Rating100/100

Number of ratings4

Active installs100

Alternatives

XML for Hotline Alternatives

Mergado Pack

mergado-marketing-pack

Connect your online store to the e-commerce world and get even more from hundreds shopping channels

800 2 unpatched

XML for Avito

xml-for-avito

Создаёт XML-feed для загрузки на Авито.

100 1 CVE

WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel

wp-all-export

Easily export data from any post type, custom field, or taxonomy to a CSV, XML, or Excel file of any custom format. Supports WooCommerce products, ord …

100K 7 CVEs

WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress

wp-ultimate-csv-importer

Effortlessly import, export, and migrate your WordPress data with WP Ultimate CSV Importer. This all-in-one solution supports CSV, XML, and Excel file …

20K 26 CVEs

YML for Yandex Market

yml-for-yandex-market

Creates a YML-feed to upload to Yandex Market and not only.

10K 3 CVEs

Developer Profile

XML for Hotline Developer Profile

icopydoc

14 plugins · 16K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

102 days

View full developer profile

Detection Fingerprints

How We Detect XML for Hotline

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xml-for-hotline/css/xfhu-admin.css/wp-content/plugins/xml-for-hotline/css/xfhu-front.css/wp-content/plugins/xml-for-hotline/js/xfhu-admin.js/wp-content/plugins/xml-for-hotline/js/xfhu-front.js

Script Paths

/wp-content/plugins/xml-for-hotline/js/xfhu-admin.js/wp-content/plugins/xml-for-hotline/js/xfhu-front.js

Version Parameters

xml-for-hotline/css/xfhu-admin.css?ver=xml-for-hotline/css/xfhu-front.css?ver=xml-for-hotline/js/xfhu-admin.js?ver=xml-for-hotline/js/xfhu-front.js?ver=

HTML / DOM Fingerprints

CSS Classes

xfhu-admin-wrapperxfhu-feed-wrapxfhu-settings-wrap

HTML Comments

Data Attributes

data-xfhu-iddata-xfhu-paramdata-xfhu-feed-iddata-xfhu-feed-params

JS Globals

xfhu_admin_dataxfhu_front_data

FAQ