WP-Safety

Avante Theme Extensions Security & Risk Analysis

wordpress.org/plugins/avante-theme-extensions

This plugin adds widgets required by the Avante WordPress theme by Themely.

60 active installs v1.1 PHP 5.3+ WP 3.8+ Updated May 4, 2022
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Avante Theme Extensions Safe to Use in 2026?

Generally Safe

Score 85/100

Avante Theme Extensions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The static analysis of Avante Theme Extensions v1.1 reveals a generally strong security posture. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code demonstrates good practices by utilizing prepared statements for all SQL queries and performing capability checks for 12 distinct actions. The lack of identified dangerous functions, file operations, and external HTTP requests are also positive indicators.

However, a notable concern is the significant portion of output that is not properly escaped (43% of 805 outputs). This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly without proper sanitization. The absence of any identified taint flows, while seemingly positive, could also indicate that the taint analysis itself was limited or not comprehensive enough to detect subtle vulnerabilities, especially given the unescaped output. The plugin's history of zero known vulnerabilities is a positive sign, suggesting the developers may have a good understanding of security. Despite the lack of historical vulnerabilities, the unescaped output remains a tangible risk that requires attention.

Key Concerns

  • Significant unescaped output found
Vulnerabilities
None known

Avante Theme Extensions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Avante Theme Extensions Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Avante Theme Extensions Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
349
456 escaped
Nonce Checks
0
Capability Checks
12
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

57% escaped805 total outputs
Attack Surface

Avante Theme Extensions Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 24
actionadmin_enqueue_scriptsinc\widgets.php:20
actionadmin_enqueue_scriptsinc\widgets.php:21
actionwp_headinc\widgets.php:22
actionwidgets_initwidgets\bar_widget.php:128
actionload-widgets.phpwidgets\benefit_widget.php:17
actionwidgets_initwidgets\benefit_widget.php:190
actionwidgets_initwidgets\counter_widget.php:174
actionwidgets_initwidgets\faq_widget.php:97
actionwidgets_initwidgets\hero_widget.php:226
actionload-widgets.phpwidgets\pricing_widget.php:16
actionwidgets_initwidgets\pricing_widget.php:360
actionwidgets_initwidgets\service_widget.php:131
actionload-widgets.phpwidgets\showcase_hero_widget.php:17
actionwidgets_initwidgets\showcase_hero_widget.php:221
actionload-widgets.phpwidgets\showcase_widget.php:17
actionwidgets_initwidgets\showcase_widget.php:181
actionload-widgets.phpwidgets\skills_widget.php:17
actionwidgets_initwidgets\skills_widget.php:193
actionload-widgets.phpwidgets\stats_widget.php:17
actionwidgets_initwidgets\stats_widget.php:183
actionload-widgets.phpwidgets\support_widget.php:17
actionwidgets_initwidgets\support_widget.php:191
actionwidgets_initwidgets\team_widget.php:190
actionwidgets_initwidgets\testimonial_widget.php:149
Maintenance & Trust

Avante Theme Extensions Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedMay 4, 2022
PHP min version5.3
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs60
Alternatives

Avante Theme Extensions Alternatives

No alternatives data available yet.

Developer Profile

Avante Theme Extensions Developer Profile

themely

4 plugins · 6K total installs

77
trust score
Avg Security Score
76/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Avante Theme Extensions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/avante-theme-extensions/css/widgets.css/wp-content/plugins/avante-theme-extensions/js/admin.js
Script Paths
/wp-content/plugins/avante-theme-extensions/js/admin.js
Version Parameters
avante-theme-extensions/css/widgets.css?ver=avante-theme-extensions/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
avante-benefit-widgetavante-wcp-uploaderavante-wcp-image-stylesavante-lite
HTML Comments
<!-- Script for media uploader --><!-- Styles for image previews --><!-- Script and styles for color picker. -->/** * WordPress Widget Format * Wordpress 2.8 and above * @see http://codex.wordpress.org/Widgets_API#Developing_Widgets */+5 more
Data Attributes
avante-wcp-uploader
JS Globals
avante_extensions_upload_scriptavante_extensions_image_stylesavante_extensions_color_pickerAvante_Benefit_Widget
FAQ

Frequently Asked Questions about Avante Theme Extensions