Does All-in-One Utilities have any unpatched vulnerabilities?

No. All known vulnerabilities in All-in-One Utilities have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is All-in-One Utilities compatible with WordPress 6.8.5?

According to WordPress.org data, All-in-One Utilities 1.0.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is All-in-One Utilities updated?

All-in-One Utilities was last updated on Aug 22, 2025. Frequent updates are generally a positive security signal.

What is All-in-One Utilities's security score?

All-in-One Utilities has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

All-in-One Utilities Security & Risk Analysis

wordpress.org/plugins/all-in-one-utilities

A must use plugin for any WordPress site with necessary features.

10 active installs v1.0.0 PHP + WP 4.0.0+ Updated Aug 22, 2025

disable-featuresfeatured-imagemultiple-rolesusername-updaterutilities

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is All-in-One Utilities Safe to Use in 2026?

Generally Safe

Score 100/100

All-in-One Utilities has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The 'all-in-one-utilities' v1.0.0 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of directly exploitable entry points like unprotected AJAX handlers, REST API routes, shortcodes, or cron events is a significant strength. Furthermore, the plugin demonstrates good practices by using prepared statements for all SQL queries and properly escaping a high percentage of its outputs. The presence of nonce and capability checks, even if limited in number, indicates an awareness of core WordPress security mechanisms. There are no recorded vulnerabilities (CVEs) or past issues, suggesting a stable and potentially well-maintained codebase.

However, the analysis does flag two specific concerns within the taint analysis: 'Flows with unsanitized paths'. While these flows are not categorized as critical or high severity, and their impact is not detailed, they represent a potential risk of unexpected behavior or unintended file access if an attacker can influence the path input. The limited number of capability checks (2) and nonce checks (6) across the identified entry points, while not directly tied to an exploit in this version, could become a point of weakness if the plugin's functionality expands or if future analysis reveals more intricate attack vectors. The low total number of analyzed flows (4) also means the taint analysis may not have covered all potential execution paths.

In conclusion, 'all-in-one-utilities' v1.0.0 appears to be a reasonably secure plugin, particularly regarding its handling of database interactions and output. The primary area for caution lies in the identified unsanitized paths, which warrant further investigation. The lack of historical vulnerabilities is a strong positive indicator. The plugin's overall security is good, but the identified taint flow issues prevent it from being perfect.

Key Concerns

Flows with unsanitized paths

Vulnerabilities

None known

All-in-One Utilities Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

All-in-One Utilities Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

189 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

97% escaped194 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

handler_actions (admin\class-all-in-one-wp-utilities-admin.php:154)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

All-in-One Utilities Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_aiowpu_change_featured_image_previewmodules\set-featured-image\admin\class-aiowpu-set-featured-image-admin.php:66

WordPress Hooks 73

actionplugins_loadedall-in-one-utilities.php:73

actionadmin_enqueue_scriptscore\class-aiowpu-module-admin.php:59

actionwp_enqueue_scriptscore\class-aiowpu-module-public.php:59

actionenqueue_block_editor_assetscore\class-aiowpu-module-public.php:60

actioninitcore\class-all-in-one-utilities.php:138

actionadmin_enqueue_scriptscore\class-all-in-one-utilities.php:139

actionadmin_enqueue_scriptscore\class-all-in-one-utilities.php:140

actionadmin_menucore\class-all-in-one-utilities.php:141

actionadmin_enqueue_scriptscore\class-all-in-one-utilities.php:145

actionadmin_enqueue_scriptscore\class-all-in-one-utilities.php:146

actionadmin_menucore\class-all-in-one-utilities.php:147

actionwp_enqueue_scriptscore\class-all-in-one-utilities.php:162

actionwp_enqueue_scriptscore\class-all-in-one-utilities.php:163

actionaiowpu_plugin_activationcore\class-all-in-one-utilities.php:201

actionplugins_loadedcore\class-all-in-one-utilities.php:202

actioninitmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:76

actionaiowpu_disable_unnecessary_features_settings_rigt_sectionmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:79

actionaiowpu_disable_unnecessary_features_settings_rigt_sectionmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:82

filteradmin_footer_textmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:85

actionpre_pingmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:294

filterredirect_canonicalmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:317

actiontemplate_redirectmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:338

actionadmin_headmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:365

filterscreen_options_show_screenmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:368

actionadmin_bar_menumodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:375

actionadmin_bar_menumodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:394

actionwp_dashboard_setupmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:428

filteremoji_svg_urlmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:456

filtertiny_mce_pluginsmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:457

filterembed_oembed_discovermodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:487

filterrewrite_rules_arraymodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:489

filterxmlrpc_enabledmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:505

filterpings_openmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:506

filterwp_headersmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:507

filterthe_generatormodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:522

actiontemplate_redirectmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:554

filterrest_authentication_errorsmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:592

actionwp_print_stylesmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:613

filterwp_is_application_passwords_availablemodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:627

filtermap_meta_capmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:635

filterpre_option_wp_page_for_privacy_policymodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:641

actionadmin_menumodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:655

actioncurrent_screenmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:658

filterstyle_loader_srcmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:675

filterscript_loader_srcmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:686

filterfallback_intermediate_image_sizesmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:709

filtershould_load_remote_block_patternsmodules\disable-unnecessary-features\admin\class-aiowpu-disable-unnecessary-features-admin.php:745

filterbytecode_settings_api_tabsmodules\disable-unnecessary-features\admin\settings\class-aiowpu-disable-unnecessary-features-settings.php:78

actionbytecode_settings_api_sectionsmodules\disable-unnecessary-features\admin\settings\class-aiowpu-disable-unnecessary-features-settings.php:81

actionadmin_initmodules\disable-unnecessary-features\admin\settings\class-aiowpu-disable-unnecessary-features-settings.php:84

actionaiowpu_disable_unnecessary_features_settings_rigt_sectionmodules\disable-unnecessary-features\helpers\helper-disable-unncessary-features.php:174

actionaiowpu_disable_unnecessary_features_settings_rigt_sectionmodules\disable-unnecessary-features\helpers\helper-disable-unncessary-features.php:202

actionadmin_initmodules\set-featured-image\admin\class-aiowpu-set-featured-image-admin.php:63

filterpre_do_shortcode_tagmodules\set-featured-image\class-aiowpu-set-featured-image.php:84

filterdo_shortcode_tagmodules\set-featured-image\class-aiowpu-set-featured-image.php:85

filterdfi_thumbnail_idmodules\set-featured-image\class-aiowpu-set-featured-image.php:92

filteraiowpu_featured_image_idmodules\set-featured-image\helpers\class-aiowpu-featured-image-exceptions.php:46

filterget_post_metadatamodules\set-featured-image\public\class-aiowpu-set-featured-image-public.php:42

filterpost_thumbnail_htmlmodules\set-featured-image\public\class-aiowpu-set-featured-image-public.php:45

filtermanage_users_columnsmodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:43

filtermanage_users_custom_columnmodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:44

actionshow_user_profilemodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:47

actionedit_user_profilemodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:48

actionuser_new_formmodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:49

actionprofile_updatemodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:52

filtersignup_site_metamodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:59

actionafter_signup_usermodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:61

actionwpmu_activate_usermodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:63

actionuser_registermodules\user-multiple-roles\admin\class-aiowpu-user-multiple-roles-admin.php:66

filteruser_row_actionsmodules\username-updater\admin\class-aiowpu-username-updater-admin.php:61

filterms_user_row_actionsmodules\username-updater\admin\class-aiowpu-username-updater-admin.php:64

actionadmin_menumodules\username-updater\admin\class-aiowpu-username-updater-admin.php:67

actioninitmodules\username-updater\admin\class-aiowpu-username-updater-admin.php:70

Maintenance & Trust

All-in-One Utilities Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 22, 2025

PHP min version

Downloads625

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

All-in-One Utilities Alternatives

Featured Image Bulk Set Plugin

featured-image-bulk-set

This is a plugin designed to do one simple job: programatically add a featured image in WordPress to existing posts. Either images already in the post …

10 No CVEs

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Quick Featured Images

quick-featured-images

The time-saving solution for managing tons of featured images within minutes: Set, replace and delete in bulk and set default images for future posts.

50K 3 CVEs

Conditionally display featured image on singular posts and pages

conditionally-display-featured-image-on-singular-pages

100

Easily control whether the featured image appears in the single post or page view (doesn't hide it in archive/list view).

30K No CVEs

XO Featured Image Tools

xo-featured-image-tools

100

Automatically generate the featured image from the image of the post.

30K No CVEs

Developer Profile

All-in-One Utilities Developer Profile

2ByteCode

3 plugins · 130 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect All-in-One Utilities

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/all-in-one-utilities/admin/css/all-in-one-wp-utilities-admin.css

Script Paths

/wp-content/plugins/all-in-one-utilities/admin/js/all-in-one-wp-utilities-admin.js

Version Parameters

all-in-one-wp-utilities-admin.css?ver=all-in-one-wp-utilities-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-aiowpu-module-slugdata-aiowpu-module-namedata-aiowpu-module-statedata-aiowpu-module-slug-editdata-aiowpu-module-name-editdata-aiowpu-module-state-edit

JS Globals

AIOWPU_ADMIN_OBJECT

FAQ