All in One Tools Security & Risk Analysis

wordpress.org/plugins/aio-tools

Multi-purpose utilities – Easy to apply to any website

100 active installs · v2.2.1 · PHP 7.4+ · WP 4.3+ · Updated May 17, 2024
Tags: all-in-one, shost-vn, toolkit, tools
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is All in One Tools Safe to Use in 2026?

Generally Safe

Score 92/100

All in One Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "aio-tools" v2.2.1 plugin exhibits a generally positive security posture, with no known vulnerabilities or critical issues identified in the static analysis. The absence of dangerous functions, SQL injection risks (all queries use prepared statements), file operations, and external HTTP requests is commendable. The plugin also demonstrates good practice by properly escaping a high percentage of its outputs. However, the presence of two unprotected AJAX handlers represents a significant concern. These entry points could potentially be exploited if they handle user-supplied data without proper authentication or capability checks, creating an attack surface for unauthorized actions.

The vulnerability history is clean, with zero recorded CVEs, which suggests a track record of responsible development and security awareness. This, combined with the strong coding practices in other areas, indicates a plugin that is generally well-maintained. Nevertheless, the unprotected AJAX handlers are a concrete risk that needs immediate attention. The overall security is good, but the uncovered entry points detract from its strength and require mitigation.

Key Concerns

  • Unprotected AJAX handlers
  • Lack of nonce checks on AJAX handlers
Vulnerabilities
None known

All in One Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

All in One Tools Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (25 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

86% escaped · 29 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flows
<class-w2w-notice-manager> (includes\classes\class-w2w-notice-manager.php:0)
Attack Surface
2 unprotected

All in One Tools Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 4

Type | Hook | Location
auth | wp_ajax_w2wSmtpCheckHandler | admin\class-aio-tools-admin.php:76
nopriv | wp_ajax_w2wSmtpCheckHandler | admin\class-aio-tools-admin.php:77
auth | wp_ajax_w2w_dismiss_notice | includes\classes\class-w2w-notice-manager.php:12
auth | wp_ajax_w2w_remove_notice_transient | includes\classes\class-w2w-notice-manager.php:13
WordPress Hooks 27
Type | Hook | Location
action | admin_bar_menu | admin\class-aio-tools-admin.php:68
action | admin_enqueue_scripts | admin\class-aio-tools-admin.php:74
action | plugins_loaded | includes\class-aio-tools.php:149
action | admin_enqueue_scripts | includes\class-aio-tools.php:169
action | admin_enqueue_scripts | includes\class-aio-tools.php:170
action | wp_enqueue_scripts | includes\class-aio-tools.php:183
action | wp_enqueue_scripts | includes\class-aio-tools.php:184
action | admin_enqueue_scripts | includes\classes\class-w2w-notice-manager.php:14
action | admin_notices | includes\classes\class-w2w-notice-manager.php:47
action | wp_footer | public\section\w2w-contact-button.php:7
action | wp_head | public\section\w2w-header-footer.php:6
action | wp_footer | public\section\w2w-header-footer.php:7
action | phpmailer_init | public\section\w2w-smtp.php:5
action | wp_mail_failed | public\section\w2w-smtp.php:31
filter | wp_mail_content_type | public\section\w2w-smtp.php:35
filter | woocommerce_get_price_html | public\section\w2w-woocommerce.php:7
action | woocommerce_variable_add_to_cart | public\section\w2w-woocommerce.php:37
filter | woocommerce_checkout_fields | public\section\w2w-woocommerce.php:55
filter | woocommerce_checkout_fields | public\section\w2w-woocommerce.php:57
filter | wc_city_select_cities | public\section\wc-city-select\class-w2w-cities.php:26
filter | woocommerce_states | public\section\wc-city-select\class-w2w-provinces.php:19
filter | woocommerce_get_country_locale | public\section\wc-city-select\class-w2w-provinces.php:20
filter | woocommerce_localisation_address_formats | public\section\wc-city-select\class-w2w-provinces.php:21
filter | woocommerce_billing_fields | public\section\wc-city-select\wc-city-select.php:29
filter | woocommerce_shipping_fields | public\section\wc-city-select\wc-city-select.php:30
filter | woocommerce_form_field_city | public\section\wc-city-select\wc-city-select.php:31
action | wp_enqueue_scripts | public\section\wc-city-select\wc-city-select.php:34
Maintenance & Trust

All in One Tools Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 17, 2024
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

All in One Tools Developer Profile

Shost.vn

1 plugin · 100 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect All in One Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aio-tools/public/assets/js/main.js
/wp-content/plugins/aio-tools/public/assets/css/main.css
/wp-content/plugins/aio-tools/public/section/wc-city-select/assets/js/wc-city-select.js
Script Paths
/wp-content/plugins/aio-tools/public/assets/js/main.js
/wp-content/plugins/aio-tools/public/section/wc-city-select/assets/js/wc-city-select.js

HTML / DOM Fingerprints

CSS Classes
city_select, w2w-main-menu
Data Attributes
data-w2w-options
JS Globals
AIOToolsW2W
FAQ

Frequently Asked Questions about All in One Tools