YAHMAN Add-ons Security & Risk Analysis

wordpress.org/plugins/yahman-add-ons

YAHMAN Add-ons has Multiple functions.

1K active installs · v0.9.30 · PHP 5.4+ · WP 4.9.8+ · Updated Apr 8, 2025
pageviews · popular-posts · table-of-contents · twitter-timeline
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is YAHMAN Add-ons Safe to Use in 2026?

Generally Safe

Score 100/100

YAHMAN Add-ons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11mo ago
Risk Assessment

The static analysis of "yahman-add-ons" v0.9.30 indicates a generally good security posture. The plugin exhibits strong adherence to secure coding practices, with no critical or high-severity vulnerabilities identified in taint analysis. The absence of known CVEs, unpatched vulnerabilities, and common vulnerability types in its history further supports a positive security track record. The code demonstrates a robust approach to SQL injection prevention, with all queries utilizing prepared statements. Furthermore, the majority of output is properly escaped, mitigating risks of cross-site scripting (XSS) vulnerabilities.

However, there are minor areas for improvement. Although the plugin exposes zero entry points, 17% of output remains unescaped. This is not a critical flaw given the other checks, but it could still pose a theoretical risk in specific, albeit unlikely, scenarios. Additionally, the file operations and external HTTP requests, though not explicitly flagged as insecure, are potential attack vectors that require careful monitoring and validation within the plugin's broader context. The bundled TinyMCE library also introduces a dependency that needs to be kept up to date to avoid inheriting vulnerabilities from that component.

Overall, "yahman-add-ons" v0.9.30 appears to be a well-developed plugin with a strong emphasis on security. The lack of historical vulnerabilities and the proactive use of prepared statements and capability checks are commendable. The minor concern regarding unescaped output should be addressed to further strengthen its security. The overall risk is low, but vigilance regarding bundled library updates and thorough review of any new functionality that introduces file operations or external requests would be prudent.

Key Concerns

  • Unescaped output (17%)
  • File operations present
  • External HTTP requests present
  • Bundled library (TinyMCE)
Vulnerabilities
None known

YAHMAN Add-ons Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

YAHMAN Add-ons Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 427 (2067 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 1
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

83% escaped · 2494 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<admin_menu> (inc\admin_menu.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

YAHMAN Add-ons Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 75
action get_header (inc\action_get_header.php:4)
action init (inc\action_init.php:4)
action save_post (inc\action_init.php:15)
action comment_post (inc\action_init.php:18)
action edit_comment (inc\action_init.php:25)
action comment_approved_to_unapproved (inc\action_init.php:31)
action comment_approved_to_trash (inc\action_init.php:32)
action comment_approved_to_spam (inc\action_init.php:33)
action comment_unapproved_to_approved (inc\action_init.php:35)
action comment_trash_to_approved (inc\action_init.php:36)
action comment_spam_to_approved (inc\action_init.php:37)
action plugins_loaded (inc\action_plugins_loaded.php:5)
action template_redirect (inc\action_template_redirect.php:4)
action wp_footer (inc\action_template_redirect.php:17)
filter wp_lazy_loading_enabled (inc\action_template_redirect.php:53)
action wp_footer (inc\action_template_redirect.php:55)
action wp_print_footer_scripts (inc\action_template_redirect.php:61)
action widgets_init (inc\action_widgets_init.php:5)
action wp (inc\action_wp.php:5)
action wp_footer (inc\action_wp_footer.php:4)
action wp_head (inc\action_wp_header.php:5)
action admin_menu (inc\admin.php:14)
action after_switch_theme (inc\admin.php:51)
action wp_footer (inc\blog_card.php:25)
action load-post.php (inc\classes\header_meta.php:14)
action load-post-new.php (inc\classes\header_meta.php:15)
action add_meta_boxes (inc\classes\header_meta.php:24)
action save_post (inc\classes\header_meta.php:25)
action wp_footer (inc\classes\homepage_widget.php:21)
action wp_footer (inc\classes\post_list.php:21)
action wp_footer (inc\enqueue.php:146)
action wp_footer (inc\enqueue.php:223)
filter the_content (inc\extra-content.php:9)
action wp_footer (inc\extra-content.php:75)
action wp_footer (inc\extra-content.php:160)
action wp_footer (inc\extra-content.php:193)
action wp_footer (inc\extra-content.php:209)
action wp_footer (inc\extra-content.php:223)
filter yahman_addons_gtag_custom (inc\ga_gtag.php:26)
action template_redirect (inc\ga_gtag.php:27)
action wp_body_open (inc\ga_gtag.php:39)
action wp_head (inc\ga_gtag.php:44)
filter after_setup_theme (inc\output_buffer.php:4)
filter shutdown (inc\output_buffer.php:5)
action admin_print_footer_scripts (inc\quick_tag.php:49)
filter mce_buttons (inc\quick_tag.php:57)
filter mce_external_plugins (inc\quick_tag.php:58)
action admin_init (inc\quick_tag.php:67)
action wp_footer (inc\related_posts.php:51)
action plugins_loaded (inc\third\polylang.php:7)
filter plugins_loaded (inc\third\polylang.php:13)
action wp_footer (inc\toc.php:189)
action admin_head-profile.php (inc\user_profile.php:194)
action admin_print_footer_scripts-profile.php (inc\user_profile.php:195)
action show_user_profile (inc\user_profile.php:197)
action edit_user_profile (inc\user_profile.php:198)
action personal_options_update (inc\user_profile.php:200)
action edit_user_profile_update (inc\user_profile.php:201)
action plugins_loaded (inc\user_profile.php:204)
action wp_footer (inc\widget\social-output.php:485)
action wp_footer (inc\widget\social-output.php:490)
action admin_enqueue_scripts (inc\widget\widget-another-profile.php:14)
action wp_footer (inc\widget\widget-dd-archives.php:22)
action wp_footer (inc\widget\widget-dd-categories.php:22)
action wp_footer (inc\widget\widget-facebook.php:114)
action admin_enqueue_scripts (inc\widget\widget-google_cse.php:12)
action admin_enqueue_scripts (inc\widget\widget-page_view.php:14)
action admin_enqueue_scripts (inc\widget\widget-social-links.php:13)
action admin_enqueue_scripts (inc\widget\widget-twitter.php:14)
action wp_footer (inc\widget\widget-twitter.php:16)
action wp_footer (inc\widget.php:99)
action wp_footer (inc\widget.php:117)
action wp_footer (inc\widget.php:147)
action wp_footer (inc\widget.php:156)
action wp_footer (inc\widget.php:179)
Maintenance & Trust

YAHMAN Add-ons Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 8, 2025
PHP min version: 5.4
Downloads: 96K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 1K
Developer Profile

YAHMAN Add-ons Developer Profile

YAHMAN

5 plugins · 72K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 161 days
Detection Fingerprints

How We Detect YAHMAN Add-ons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yahman-add-ons/assets/css/admin.min.css
/wp-content/plugins/yahman-add-ons/assets/fonts/fontawesome/style.min.css
/wp-content/plugins/yahman-add-ons/assets/js/customizer/media-uploader.min.js
/wp-content/plugins/yahman-add-ons/assets/js/customizer/color-picker-admin.min.js
/wp-content/plugins/yahman-add-ons/assets/js/admin.min.js
/wp-content/plugins/yahman-add-ons/assets/js/customizer/wp-color-picker-alpha.min.js
/wp-content/plugins/yahman-add-ons/assets/css/base.min.css
/wp-content/plugins/yahman-add-ons/assets/css/toc.min.css
+16 more
Script Paths
/wp-content/plugins/yahman-add-ons/assets/js/customizer/media-uploader.min.js
/wp-content/plugins/yahman-add-ons/assets/js/customizer/color-picker-admin.min.js
/wp-content/plugins/yahman-add-ons/assets/js/admin.min.js
/wp-content/plugins/yahman-add-ons/assets/js/customizer/wp-color-picker-alpha.min.js
/wp-content/plugins/yahman-add-ons/assets/js/highlight/highlight.min.js
/wp-content/plugins/yahman-add-ons/assets/js/lity/lity.min.js
+2 more
Version Parameters
/wp-content/plugins/yahman-add-ons/assets/css/admin.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/fonts/fontawesome/style.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/js/customizer/media-uploader.min.js?ver=
/wp-content/plugins/yahman-add-ons/assets/js/customizer/color-picker-admin.min.js?ver=
/wp-content/plugins/yahman-add-ons/assets/js/admin.min.js?ver=
/wp-content/plugins/yahman-add-ons/assets/js/customizer/wp-color-picker-alpha.min.js?ver=
/wp-content/plugins/yahman-add-ons/assets/css/base.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/toc.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/post_list.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/cta.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/sns.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/profile.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/blog_card.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/notice.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/dd.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/cse.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/js/highlight/styles/default.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/js/highlight/highlight.min.js?ver=
/wp-content/plugins/yahman-add-ons/assets/js/lity/lity.min.js?ver=
/wp-content/plugins/yahman-add-ons/assets/js/lity/lity.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/js/luminous/Luminous.min.js?ver=
/wp-content/plugins/yahman-add-ons/assets/js/luminous/luminous-basic.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/css/lozad.min.css?ver=
/wp-content/plugins/yahman-add-ons/assets/js/lozad/lozad.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
ya_lozad
lum-lightbox
Data Attributes
data-color-picker-alpha
JS Globals
yahman_addons_media_uploader
yahman_addons-color-picker-admin
yahman_addons_admin_scripts
wp-color-picker-alpha
yahman_addons_base
yahman_addons_toc
+14 more
FAQ

Frequently Asked Questions about YAHMAN Add-ons