Ashe Extra Security & Risk Analysis

wordpress.org/plugins/ashe-extra

Adds One Click Demo Import functionality for Ashe theme.

3K active installs v1.3 PHP + WP 4.6+ Updated Jan 7, 2025
Score: 91 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 30, 2024
Safety Verdict

Is Ashe Extra Safe to Use in 2026?

Generally Safe

Score 91/100

Ashe Extra has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 30, 2024 · Updated 1yr ago
Risk Assessment

The "ashe-extra" v1.3 plugin exhibits a mixed security posture. On the positive side, static analysis found no critical or high-severity issues in the analyzed code: no dangerous functions, no unsanitized taint flows, and authorization checks on all identified AJAX handlers and shortcodes. The plugin also applies nonce checks and capability checks on all identified entry points.

However, there are notable areas for improvement. Output escaping is properly implemented in only 36% of cases, indicating a risk of Cross-Site Scripting (XSS) if user-supplied data is output directly without sanitization. While the SQL queries are predominantly prepared, 29% are not, posing a potential SQL injection risk in those specific instances.

The vulnerability history is a significant concern, with two known medium-severity CVEs, both related to Missing Authorization. Both are now patched, which is positive, but the recurring nature of authorization flaws suggests a persistent weakness in how user permissions are handled in certain plugin functionality.

Overall, while the current code shows improvements in immediate attack surface protection, the historical vulnerability patterns and the less-than-ideal output escaping and SQL preparation practices warrant caution.

Key Concerns

  • Output escaping is poorly implemented (36%)
  • SQL queries not always prepared (29%)
  • History of medium severity CVEs (2)

Vulnerabilities: 2

Ashe Extra Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2024-56244 · medium · 4.3 · Missing Authorization

Ashe Extra <= 1.2.92 - Missing Authorization

Dec 30, 2024 · Patched in 1.3 (10d)

CVE-2023-46079 · medium · 4.3 · Missing Authorization

Ashe Extra <= 1.2.91 - Missing Authorization via multiple AJAX actions

Oct 16, 2023 · Patched in 1.2.92 (403d)

Code Analysis
Analyzed Mar 16, 2026

Ashe Extra Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (5 prepared)
  • Unescaped Output: 9 (5 escaped)
  • Nonce Checks: 7
  • Capability Checks: 7
  • File Operations: 6
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

71% prepared · 7 total queries

Output Escaping

36% escaped · 14 total outputs

Attack Surface

Ashe Extra Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 6

  • auth · wp_ajax_ashextra_contact_from_7_activation · ashe-extra.php:28
  • auth · wp_ajax_ashextra_instagram_feed_activation · ashe-extra.php:29
  • auth · wp_ajax_ashextra_mailchimp_newsletter_activation · ashe-extra.php:30
  • auth · wp_ajax_ashextra_recent_posts_activation · ashe-extra.php:31
  • auth · wp_ajax_ashextra_royal_elementor_addons_activation · ashe-extra.php:33
  • auth · wp_ajax_ashextra_import_xml · ashe-extra.php:51

WordPress Hooks: 11

  • action · admin_init · ashe-extra.php:24
  • action · admin_menu · ashe-extra.php:26
  • action · admin_enqueue_scripts · ashe-extra.php:35
  • action · load-importer-wordpress · ashe-extra.php:40
  • filter · wp_import_post_meta · ashe-extra.php:41
  • filter · wxr_importer.pre_process.post_meta · ashe-extra.php:42
  • filter · wp_import_post_data_processed · ashe-extra.php:45
  • filter · wxr_importer.pre_process.post · ashe-extra.php:47
  • filter · wxr_importer.pre_process.post · ashe-extra.php:48
  • filter · import_post_meta_key · includes\importers\wxr-importer.php:321
  • filter · http_request_timeout · includes\importers\wxr-importer.php:322

Maintenance & Trust

Ashe Extra Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 7, 2025
PHP min version
Downloads: 61K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 3K

Developer Profile

Ashe Extra Developer Profile

WP Royal

9 plugins · 766K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 112 days
Detection Fingerprints

How We Detect Ashe Extra

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/ashe-extra/assets/images/cf7.png
  • /wp-content/plugins/ashe-extra/assets/images/instagram-feed.png
  • /wp-content/plugins/ashe-extra/assets/images/mailchimp.png
  • /wp-content/plugins/ashe-extra/assets/images/recent-posts.png
  • /wp-content/plugins/ashe-extra/assets/images/royal-elementor-addons.png
  • /wp-content/plugins/ashe-extra/assets/js/admin-scripts.js

Script Paths

  • /wp-content/plugins/ashe-extra/assets/js/admin-scripts.js

Version Parameters

  • ashe-extra/assets/js/admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • extra-options-page-wrap
  • extra-options
  • ashextra-plugin-activation
  • plugin-box
  • after-import-notice
  • visit-website

Data Attributes

  • id="contact_from_7"
  • id="instagram_feed"
  • id="mailchimp_newsletter"
  • id="recent_posts"

JS Globals

  • AsheExtra
  • ashe_extra_ajax_obj

REST Endpoints

  • /wp-json/ashextra/v1/import
  • /wp-json/ashextra/v1/demo-content