AWcode Toolkit Security & Risk Analysis

wordpress.org/plugins/awcode-toolkit

AWcode Toolkit provides a collection of useful tools and functions for WordPress site owners.

100 active installs · v1.0.24 · PHP + WP 5.0+ · Updated Feb 24, 2026
Tags: awcode, cloudflare, web-developer, web-design, woocommerce
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: May 19, 2025
Safety Verdict

Is AWcode Toolkit Safe to Use in 2026?

Generally Safe

Score 98/100

AWcode Toolkit has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: May 19, 2025 · Updated 1mo ago
Risk Assessment

The awcode-toolkit plugin v1.0.24 presents a mixed security posture. While it demonstrates good practices in utilizing prepared statements for SQL queries and properly escaping a high percentage of output, several areas raise concerns. The presence of a dangerous `unserialize` function is a significant red flag, especially when combined with a high number of unsanitized taint flows. Furthermore, the attack surface includes two AJAX handlers without authentication checks, creating a direct pathway for potential unauthorized actions. The vulnerability history, while showing no currently unpatched CVEs, reveals a pattern of past medium-severity issues related to CSRF and XSS, suggesting a recurring need for careful input validation and output sanitization. The existence of two unprotected AJAX endpoints and the use of `unserialize` without apparent validation are the most immediate risks.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • High number of unsanitized taint flows
  • Past CSRF and XSS vulnerabilities
Vulnerabilities
2

AWcode Toolkit Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-48238 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

AWcode Toolkit <= 1.0.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting

May 19, 2025 · Patched in 1.0.19 (10d)

CVE-2025-24554 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AWcode Toolkit <= 1.0.14 - Reflected Cross-Site Scripting

Nov 15, 2024 · Patched in 1.0.15 (98d)

Code Analysis
Analyzed Mar 16, 2026

AWcode Toolkit Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 2 (10 prepared)
  • Unescaped Output: 14 (107 escaped)
  • Nonce Checks: 2
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$unserialized_string = @unserialize( $serialized_string );` · includes\class.awtoolkit-setting.php:236

SQL Query Safety

83% prepared · 12 total queries

Output Escaping

88% escaped · 121 total outputs

Data Flows
5 unsanitized

Data Flow Analysis

8 flows · 5 with unsanitized paths
<class.awtoolkit-woo-product-suppliers> (includes\class.awtoolkit-woo-product-suppliers.php:0)
Attack Surface
2 unprotected

AWcode Toolkit Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers: 4

auth · wp_ajax_check_supplier · includes\class.awtoolkit-woo-product-suppliers.php:330
nopriv · wp_ajax_check_supplier · includes\class.awtoolkit-woo-product-suppliers.php:331
auth · wp_ajax_supplierAddNew · includes\class.awtoolkit-woo-product-suppliers.php:394
nopriv · wp_ajax_supplierAddNew · includes\class.awtoolkit-woo-product-suppliers.php:395

WordPress Hooks: 32

filter · init · aw-toolkit.php:48
action · admin_footer · aw-toolkit.php:102
action · admin_head · aw-toolkit.php:103
action · plugins_loaded · aw-toolkit.php:160
action · shutdown · includes\class.awtoolkit-general.php:16
action · rest_api_init · includes\class.awtoolkit-remote.php:16
filter · filesystem_method · includes\class.awtoolkit-remote.php:215
action · admin_menu · includes\class.awtoolkit-setting.php:6
action · admin_menu · includes\class.awtoolkit-woo-product-suppliers.php:16
action · woocommerce_product_options_inventory_product_data · includes\class.awtoolkit-woo-product-suppliers.php:43
action · woocommerce_product_quick_edit_end · includes\class.awtoolkit-woo-product-suppliers.php:45
action · woocommerce_product_quick_edit_save · includes\class.awtoolkit-woo-product-suppliers.php:101
action · manage_product_posts_custom_column · includes\class.awtoolkit-woo-product-suppliers.php:148
action · admin_footer · includes\class.awtoolkit-woo-product-suppliers.php:172
action · save_post_product · includes\class.awtoolkit-woo-product-suppliers.php:432
filter · manage_edit-product_columns · includes\class.awtoolkit-woo-product-suppliers.php:434
action · manage_product_posts_custom_column · includes\class.awtoolkit-woo-product-suppliers.php:441
action · add_meta_boxes · includes\class.awtoolkit-woo-product-suppliers.php:452
action · woocommerce_product_bulk_edit_start · includes\class.awtoolkit-woo-product-suppliers.php:490
action · woocommerce_product_bulk_edit_save · includes\class.awtoolkit-woo-product-suppliers.php:520
action · restrict_manage_posts · includes\class.awtoolkit-woo-product-suppliers.php:563
filter · parse_query · includes\class.awtoolkit-woo-product-suppliers.php:604
action · manage_product_posts_custom_column · includes\class.awtoolkit-woocommerce.php:5
filter · manage_edit-product_columns · includes\class.awtoolkit-woocommerce.php:14
filter · manage_edit-product_sortable_columns · includes\class.awtoolkit-woocommerce.php:22
action · manage_product_posts_custom_column · includes\class.awtoolkit-woocommerce.php:32
filter · manage_edit-product_columns · includes\class.awtoolkit-woocommerce.php:41
filter · manage_edit-product_sortable_columns · includes\class.awtoolkit-woocommerce.php:49
action · manage_shop_order_posts_custom_column · includes\class.awtoolkit-woocommerce.php:61
filter · posts_orderby · includes\class.awtoolkit-woocommerce.php:87
action · init · includes\class.awtoolkit-woocommerce.php:170
filter · woocommerce_checkout_create_order · includes\class.awtoolkit-woocommerce.php:197

Maintenance & Trust

AWcode Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100

Developer Profile

AWcode Toolkit Developer Profile

awcode

4 plugins · 110 total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 38 days
Detection Fingerprints

How We Detect AWcode Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/awcode-toolkit/includes/class.awtoolkit-remote.php
/wp-content/plugins/awcode-toolkit/includes/class.awtoolkit-general.php
/wp-content/plugins/awcode-toolkit/includes/class.awtoolkit-setting.php
/wp-content/plugins/awcode-toolkit/includes/class.awtoolkit-woocommerce.php
/wp-content/plugins/awcode-toolkit/includes/class.awtoolkit-woo-product-suppliers.php
/wp-content/plugins/awcode-toolkit/aw-toolkit.php

HTML / DOM Fingerprints

CSS Classes
wp-smush-exceed-limit
wp-smush-resume-bulk-smush
wp-smush-bulk-progress-bar-wrapper
JS Globals
MutationObserverwindow$
REST Endpoints
/awtoolkit/v1/status
/awtoolkit/v1/plugins
/awtoolkit/v1/themes
/awtoolkit/v1/users
/awtoolkit/v1/upgrade/core
/awtoolkit/v1/upgrade/plugin
/awtoolkit/v1/upgrade/theme