Does Attesa Extra have any unpatched vulnerabilities?

No. All known vulnerabilities in Attesa Extra have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Attesa Extra compatible with WordPress 6.9.4?

According to WordPress.org data, Attesa Extra 1.4.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Attesa Extra updated?

Attesa Extra was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Attesa Extra's security score?

Attesa Extra has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Attesa Extra Security & Risk Analysis

wordpress.org/plugins/attesa-extra

Add extra features to Attesa WordPress theme

1K active installs v1.4.8 PHP + WP 4.6.5+ Updated Feb 20, 2026

attesa-themeattesawpmeta-boxmetaboxmetaboxes

A · Safe

CVEs total3

Unpatched0

Last CVEOct 19, 2025

Plugin page Download

Safety Verdict

Is Attesa Extra Safe to Use in 2026?

Generally Safe

Score 96/100

Attesa Extra has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Oct 19, 2025Updated 1mo ago

Risk Assessment

The "attesa-extra" plugin v1.4.8 presents a mixed security posture. On the positive side, the static analysis indicates a relatively clean codebase with all identified entry points (AJAX handlers, REST API routes, shortcodes) having authorization checks. The plugin also demonstrates good practice by using prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of any critical or high severity taint flows further suggests a level of security consciousness in its development.

However, several areas warrant caution. The presence of the `unserialize` function is a significant concern, as it can be exploited for remote code execution if an attacker can control the serialized data. While the current static analysis doesn't explicitly reveal a direct vulnerability related to it, it remains a high-risk function that requires vigilant sanitization of its input. Furthermore, the plugin has a history of three medium severity vulnerabilities, specifically Cross-site Scripting and Authorization Bypass. The fact that the last vulnerability was recorded in 2025 suggests that while no CVEs are currently unpatched, the plugin has had a past pattern of exploitable flaws, and continued vigilance regarding updates and future patches is essential.

Overall, "attesa-extra" v1.4.8 shows strengths in its use of prepared statements and authorization checks on entry points. However, the presence of `unserialize` and its historical vulnerability record, particularly medium severity issues, necessitates a cautious approach. While the current version appears to have addressed past CVEs, the potential for exploitation via `unserialize` and the need for ongoing monitoring of its security track record are the primary weaknesses.

Key Concerns

Presence of unserialize function
Medium severity vulnerability history (3 total)

Vulnerabilities

Attesa Extra Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-62971medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Attesa Extra <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 19, 2025 Patched in 1.4.8 (130d)

CVE-2024-10688medium · 4.3Authorization Bypass Through User-Controlled Key

Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure

Nov 8, 2024 Patched in 1.4.3 (1d)

CVE-2024-32594medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Attesa Extra <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2024 Patched in 1.4.0 (8d)

Code Analysis

Analyzed Mar 16, 2026

Attesa Extra Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

105

543 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = @unserialize( $raw );panel\classes\importers\class-settings-importer.php:28

SQL Query Safety

100% prepared4 total queries

Output Escaping

84% escaped648 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

hide_notices (panel\attesa-admin-page.php:65)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Attesa Extra Attack Surface

Entry Points12

Unprotected0

AJAX Handlers 7

authwp_ajax_awp_ajax_get_demo_datapanel\demos.php:64

authwp_ajax_awp_ajax_required_plugins_activatepanel\demos.php:65

authwp_ajax_awp_ajax_get_import_datapanel\demos.php:68

authwp_ajax_awp_ajax_import_xmlpanel\demos.php:71

authwp_ajax_awp_ajax_import_theme_settingspanel\demos.php:74

authwp_ajax_awp_ajax_import_widgetspanel\demos.php:77

authwp_ajax_awp_after_importpanel\demos.php:80

Shortcodes 5

[attesa_date] metabox\shortcodes.php:5

[attesa_copyright] metabox\shortcodes.php:6

[attesa_registered_trademark] metabox\shortcodes.php:7

[attesa_qrcode] metabox\shortcodes.php:8

[attesa-template] panel\attesa-custom-templates.php:20

WordPress Hooks 150

actionafter_setup_themeattesa-extra.php:33

actioninitattesa-extra.php:36

filterplugin_row_metaattesa-extra.php:38

actionwidgets_initattesa-extra.php:39

actioninitattesa-extra.php:40

filterwidget_textattesa-extra.php:43

actionplugins_loadedattesa-extra.php:44

actioninitattesa-extra.php:71

actionwp_headattesa-extra.php:72

actionwp_footerattesa-extra.php:73

actionattesa_footer_widgetsattesa-extra.php:109

actionattesa_headerattesa-extra.php:111

actionattesa_entry_headerattesa-extra.php:113

actionadmin_noticesattesa-extra.php:119

actioncustomize_registercustomizer\customizer.php:152

filterattesa_is_customfooter_active_filtercustomizer\customizer.php:178

filterattesa_is_customheader_active_filtercustomizer\customizer.php:195

actionattesa_header_codecustomizer\functions.php:23

actionattesa_footer_codecustomizer\functions.php:46

filterwpml_elementor_widgets_to_translateelementor\compatibility\wpml_compatibility.php:42

actionelementor/widgets/registerelementor\widgets.php:42

actionelementor/elements/categories_registeredelementor\widgets.php:43

actionelementor/frontend/after_register_scriptselementor\widgets.php:44

actionelementor/frontend/after_register_styleselementor\widgets.php:45

actionelementor/preview/enqueue_scriptselementor\widgets.php:46

actionelementor/preview/enqueue_styleselementor\widgets.php:47

actionelementor/editor/after_enqueue_styleselementor\widgets.php:48

actionelementor/frontend/after_enqueue_scriptselementor\widgets.php:50

filterelementor/editor/localize_settingselementor\widgets.php:51

actioninitmetabox\butterbean\butterbean.php:19

actionload-post.phpmetabox\butterbean\class-butterbean.php:212

actionload-post-new.phpmetabox\butterbean\class-butterbean.php:213

actionbutterbean_registermetabox\butterbean\class-butterbean.php:216

actionbutterbean_registermetabox\butterbean\class-butterbean.php:217

actionbutterbean_registermetabox\butterbean\class-butterbean.php:218

actionbutterbean_registermetabox\butterbean\class-butterbean.php:219

actionadd_meta_boxesmetabox\butterbean\class-butterbean.php:261

actionsave_postmetabox\butterbean\class-butterbean.php:264

actionadmin_enqueue_scriptsmetabox\butterbean\class-butterbean.php:267

actionbutterbean_enqueue_scriptsmetabox\butterbean\class-butterbean.php:268

actionadmin_footermetabox\butterbean\class-butterbean.php:271

actionadmin_footermetabox\butterbean\class-butterbean.php:272

actionadmin_print_footer_scriptsmetabox\butterbean\class-butterbean.php:275

actionattesa_custom_css_style_filtermetabox\hooks.php:53

actionattesa_custom_css_style_filtermetabox\hooks.php:104

actionattesa_custom_css_style_filtermetabox\hooks.php:155

filterattesa_check_return_filtermetabox\hooks.php:158

filterbody_classmetabox\hooks.php:188

filterattesa_website_structuremetabox\hooks.php:191

filterattesa_max_width_structuremetabox\hooks.php:201

filterattesa_elements_border_radiusmetabox\hooks.php:211

filterattesa_max_width_site_contentmetabox\hooks.php:221

filterattesa_width_site_contentmetabox\hooks.php:231

filterattesa_width_site_content_no_sidebarmetabox\hooks.php:241

filterattesa_classic_sidebar_positionmetabox\hooks.php:251

filterattesa_push_sidebar_positionmetabox\hooks.php:266

filterattesa_post_featured_image_stylemetabox\hooks.php:343

filterattesa_overlay_featured_image_stylemetabox\hooks.php:356

filterattesa_fixed_featured_image_stylemetabox\hooks.php:369

filterattesa_height_featured_image_stylemetabox\hooks.php:382

filterattesa_opacity_featured_image_stylemetabox\hooks.php:391

filterattesa_title_featured_image_stylemetabox\hooks.php:405

filterattesa_page_featured_image_stylemetabox\hooks.php:418

filterattesa_overlay_featured_image_style_pagemetabox\hooks.php:431

filterattesa_fixed_featured_image_style_pagemetabox\hooks.php:444

filterattesa_height_featured_image_style_pagemetabox\hooks.php:457

filterattesa_opacity_featured_image_style_pagemetabox\hooks.php:466

filterattesa_title_featured_image_style_pagemetabox\hooks.php:480

filterattesa_header_stylemetabox\hooks.php:493

filterattesa_sticky_header_scrollmetabox\hooks.php:506

filterattesa_sticky_header_scroll_mobilemetabox\hooks.php:519

filterattesa_show_top_barmetabox\hooks.php:532

filterattesa_filter_use_header_colorsmetabox\hooks.php:545

filterattesa_topbar_stylemetabox\hooks.php:553

filterattesa_show_top_bar_mobilemetabox\hooks.php:566

filterattesa_choose_top_navmetabox\hooks.php:579

filterget_custom_logometabox\hooks.php:592

filterattesa_logo_on_scroll_filtermetabox\hooks.php:616

filterattesa_general_link_colormetabox\hooks.php:629

filterattesa_general_text_colormetabox\hooks.php:638

filterattesa_general_background_colormetabox\hooks.php:647

filterattesa_outer_background_colormetabox\hooks.php:656

filterattesa_alternative_background_colormetabox\hooks.php:665

filterattesa_content_text_colormetabox\hooks.php:674

filterattesa_general_border_colormetabox\hooks.php:683

filterattesa_topbar_background_colormetabox\hooks.php:692

filterattesa_topbar_text_colormetabox\hooks.php:701

filterattesa_topbar_border_colormetabox\hooks.php:710

filterattesa_header_background_colormetabox\hooks.php:719

filterattesa_header_link_colormetabox\hooks.php:728

filterattesa_header_text_colormetabox\hooks.php:737

filterattesa_classicsidebar_link_colormetabox\hooks.php:746

filterattesa_classicsidebar_text_colormetabox\hooks.php:755

filterattesa_classicsidebar_background_colormetabox\hooks.php:764

filterattesa_classicsidebar_border_colormetabox\hooks.php:773

filterattesa_pushsidebar_link_colormetabox\hooks.php:782

filterattesa_pushsidebar_text_colormetabox\hooks.php:791

filterattesa_pushsidebar_background_colormetabox\hooks.php:800

filterattesa_pushsidebar_border_colormetabox\hooks.php:809

filterattesa_footer_link_colormetabox\hooks.php:818

filterattesa_footer_text_colormetabox\hooks.php:827

filterattesa_footer_background_colormetabox\hooks.php:836

filterattesa_footer_border_colormetabox\hooks.php:845

filterattesa_subfooter_background_colormetabox\hooks.php:854

filterattesa_subfooter_text_colormetabox\hooks.php:863

filterattesa_subfooter_link_colormetabox\hooks.php:872

actionattesa_before_site_contentmetabox\hooks.php:881

actionattesa_after_site_contentmetabox\hooks.php:888

filterthe_contentmetabox\hooks.php:895

filterthe_contentmetabox\hooks.php:904

actionattesa_before_classic_sidebarmetabox\hooks.php:913

actionattesa_after_classic_sidebarmetabox\hooks.php:920

actionattesa_before_push_sidebarmetabox\hooks.php:927

actionattesa_after_push_sidebarmetabox\hooks.php:934

actionattesa_before_footer_widgetsmetabox\hooks.php:941

actionattesa_after_footer_widgetsmetabox\hooks.php:948

filterattesa_the_breadcrumb_filtermetabox\hooks.php:956

actionbutterbean_registermetabox\metabox.php:59

actionbutterbean_registermetabox\metabox.php:60

actionbutterbean_registermetabox\metabox.php:61

actionbutterbean_registermetabox\metabox.php:62

actionbutterbean_registermetabox\metabox.php:63

actionadmin_enqueue_scriptsmetabox\metabox.php:64

filterbutterbean_pre_control_templatemetabox\metabox.php:66

actionbutterbean_registermetabox\metabox.php:67

filterbutterbean_control_templatemetabox\metabox.php:68

actionadmin_menupanel\attesa-admin-page.php:20

actionadmin_enqueue_scriptspanel\attesa-admin-page.php:21

actionload-plugins.phppanel\attesa-admin-page.php:22

actionwp_loadedpanel\attesa-admin-page.php:23

actionadmin_noticespanel\attesa-admin-page.php:55

actionadmin_noticespanel\attesa-admin-page.php:59

actioninitpanel\attesa-custom-templates.php:15

actionadmin_menupanel\attesa-custom-templates.php:16

actionadd_meta_boxespanel\attesa-custom-templates.php:17

filtermanage_attesa_templates_posts_columnspanel\attesa-custom-templates.php:18

actionmanage_attesa_templates_posts_custom_columnpanel\attesa-custom-templates.php:19

actionadmin_menupanel\attesa-pro-features.php:21

actionadmin_enqueue_scriptspanel\attesa-pro-features.php:22

actionadmin_menupanel\classes\class-install-demos.php:22

actionadmin_initpanel\classes\importers\class-wordpress-importer.php:52

filterimport_post_meta_keypanel\classes\importers\class-wordpress-importer.php:122

filterhttp_request_timeoutpanel\classes\importers\class-wordpress-importer.php:123

actionattesa_header_codepanel\custom-code.php:13

actionattesa_footer_codepanel\custom-code.php:14

actionadmin_initpanel\demos.php:38

actionadmin_enqueue_scriptspanel\demos.php:41

filterupload_mimespanel\demos.php:44

actionadmin_footerpanel\demos.php:47

filterawp_demos_datapanel\demos.php:51

Maintenance & Trust

Attesa Extra Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 20, 2026

PHP min version

Downloads72K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

Attesa Extra Alternatives

Ocean Extra

ocean-extra

Ocean Extra adds extra features and flexibility to the OceanWP theme for a turbocharged experience.

500K 17 CVEs

CMB2

cmb2

CMB2 is a metabox, custom fields, and forms library for WordPress that will blow your mind.

300K 1 CVE

PT Theme Addon

pt-theme-addon

Plugin to add team, testimonial portfolio and clients custom post type. Each post type has its widget and shortcode to use in theme.

1K No CVEs

Sweet Custom Dashboard

sweet-custom-dashboard

A nice plugin to start creating your own custom WordPress dashboard.

400 No CVEs

CMB2 Admin Extension

cmb2-admin-extension

100

Create and manage CMB2 meta boxes from the WordPress admin without writing code.

200 No CVEs

Developer Profile

Attesa Extra Developer Profile

CrestaProject

25 plugins · 22K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

36 days

View full developer profile

Detection Fingerprints

How We Detect Attesa Extra

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/attesa-extra/widgets/social-buttons.php/wp-content/plugins/attesa-extra/widgets/latest-comments.php/wp-content/plugins/attesa-extra/widgets/random-post.php/wp-content/plugins/attesa-extra/widgets/recent-post.php/wp-content/plugins/attesa-extra/metabox/shortcodes.php/wp-content/plugins/attesa-extra/metabox/functions.php/wp-content/plugins/attesa-extra/metabox/hooks.php/wp-content/plugins/attesa-extra/customizer/functions.php+9 more

HTML / DOM Fingerprints

CSS Classes

attesa-extra

FAQ