Axio Core Security & Risk Analysis

wordpress.org/plugins/axio-core

Core plugin for WordPress projects.

300 active installs v1.1.2 PHP 7.0+ WP 5.0.0+ Updated Jan 19, 2022
axioaxio-startercore
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Axio Core Safe to Use in 2026?

Generally Safe

Score 85/100

Axio Core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The axio-core plugin v1.1.2 exhibits a generally strong security posture based on the static analysis. A significant strength is the complete absence of identified attack surface entry points like AJAX handlers, REST API routes, shortcodes, or cron events without proper authorization checks. The code also demonstrates good practices with a high percentage of properly escaped outputs and a lack of dangerous functions, file operations, or external HTTP requests. The presence of capability checks further reinforces its secure design.

However, a notable concern is the presence of a single SQL query that does not utilize prepared statements. While only one query is present, this remains a potential vulnerability for SQL injection if the input feeding this query is not rigorously sanitized. Furthermore, the absence of any recorded vulnerabilities in its history, while seemingly positive, could indicate a lack of extensive security auditing or a relatively new plugin without a long track record. The inclusion of TinyMCE as a bundled library, if not kept up-to-date, could also introduce risks, though no specific version information is provided to assess this.

In conclusion, axio-core v1.1.2 appears to be a well-secured plugin with a minimal attack surface and good coding practices. The primary area for improvement lies in addressing the single raw SQL query to prevent potential injection vulnerabilities. The plugin's clean history is a positive indicator, but ongoing vigilance regarding bundled libraries and potential future threats is recommended.

Key Concerns

  • Raw SQL query without prepared statements
Vulnerabilities
None known

Axio Core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Axio Core Release Timeline

v1.1.2Current
Code Analysis
Analyzed Mar 16, 2026

Axio Core Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
2
51 escaped
Nonce Checks
0
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared1 total queries

Output Escaping

96% escaped53 total outputs
Attack Surface

Axio Core Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 61
actionadmin_menufeatures\admin\sub_features\class-admin-front-page-edit-link.php:24
filtermedia_view_settingsfeatures\admin\sub_features\class-admin-gallery.php:24
actionadmin_initfeatures\admin\sub_features\class-admin-image-link.php:24
filterlogin_headertextfeatures\admin\sub_features\class-admin-login.php:24
filterlogin_headerurlfeatures\admin\sub_features\class-admin-login.php:25
actionadmin_menufeatures\admin\sub_features\class-admin-menu-cleanup.php:24
actionadmin_headfeatures\admin\sub_features\class-admin-notifications.php:24
filteruser_contactmethodsfeatures\admin\sub_features\class-admin-profile-cleanup.php:25
actionadmin_bar_menufeatures\admin\sub_features\class-admin-remove-customizer.php:24
filtertiny_mce_before_initfeatures\classic-editor\sub_features\class-editor-tinymce.php:24
actionwp_dashboard_setupfeatures\dashboard\sub_features\class-dashboard-cleanup.php:24
actionwp_dashboard_setupfeatures\dashboard\sub_features\class-dashboard-recent-widget.php:25
actionadmin_enqueue_scriptsfeatures\dashboard\sub_features\class-dashboard-recent-widget.php:26
filterthe_contentfeatures\debug\sub_features\class-debug-style-guide.php:24
actionwp_headfeatures\debug\sub_features\class-debug-wireframe.php:24
filterthe_contentfeatures\front-end\sub_features\class-front-end-clean-empty-html.php:25
filterexcerpt_morefeatures\front-end\sub_features\class-front-end-excerpt.php:24
filterexcerpt_lengthfeatures\front-end\sub_features\class-front-end-excerpt.php:25
filternext_posts_link_attributesfeatures\front-end\sub_features\class-front-end-html-fixes.php:24
filterscript_loader_tagfeatures\front-end\sub_features\class-front-end-html-fixes.php:25
filterwp_unique_post_slug_is_bad_attachment_slugfeatures\front-end\sub_features\class-front-end-uglify-attachment-permalink.php:25
actioninitfeatures\localization\sub_features\class-localization-string-translations.php:41
filteracf/settings/show_adminfeatures\plugins\sub_features\class-plugins-acf.php:25
filterrender_block_datafeatures\plugins\sub_features\class-plugins-acf.php:26
filterpre_option_cookiebot_notice_recommendfeatures\plugins\sub_features\class-plugins-cookiebot.php:25
filtergform_tabindexfeatures\plugins\sub_features\class-plugins-gravityforms.php:28
filtergform_init_scripts_footerfeatures\plugins\sub_features\class-plugins-gravityforms.php:33
filterppp_nonce_lifefeatures\plugins\sub_features\class-plugins-public-post-preview.php:25
filterredirection_rolefeatures\plugins\sub_features\class-plugins-redirection.php:24
actionwp_before_admin_bar_renderfeatures\plugins\sub_features\class-plugins-seo.php:24
actionadmin_initfeatures\plugins\sub_features\class-plugins-yoast.php:25
filterwpseo_metabox_priofeatures\plugins\sub_features\class-plugins-yoast.php:26
filterthe_seo_framework_metabox_priorityfeatures\plugins\sub_features\class-plugins-yoast.php:27
filterwpseo_opengraph_image_sizefeatures\plugins\sub_features\class-plugins-yoast.php:28
filterwpseo_twitter_image_sizefeatures\plugins\sub_features\class-plugins-yoast.php:29
filterwpseo_schema_needs_authorfeatures\plugins\sub_features\class-plugins-yoast.php:32
filteradmin_email_check_intervalfeatures\security\sub_features\class-security-disable-admin-email-check.php:25
filterthe_generatorfeatures\security\sub_features\class-security-head-cleanup.php:26
filterxmlrpc_enabledfeatures\security\sub_features\class-security-head-cleanup.php:29
filterwp_headersfeatures\security\sub_features\class-security-head-cleanup.php:32
filterxmlrpc_methodsfeatures\security\sub_features\class-security-head-cleanup.php:35
filterthe_authorfeatures\security\sub_features\class-security-hide-users.php:25
filterthe_modified_authorfeatures\security\sub_features\class-security-hide-users.php:26
filterget_the_author_linkfeatures\security\sub_features\class-security-hide-users.php:27
filterrest_endpointsfeatures\security\sub_features\class-security-hide-users.php:28
filtercomment_moderation_recipientsfeatures\security\sub_features\class-security-remove-comment-moderation.php:25
actionadmin_initfeatures\security\sub_features\class-security-remove-commenting.php:25
actionadmin_menufeatures\security\sub_features\class-security-remove-commenting.php:26
actionadmin_initfeatures\security\sub_features\class-security-remove-commenting.php:27
actionadmin_initfeatures\security\sub_features\class-security-remove-commenting.php:28
actionwp_before_admin_bar_renderfeatures\security\sub_features\class-security-remove-commenting.php:29
filtercomments_arrayfeatures\security\sub_features\class-security-remove-commenting.php:31
filtercomments_openfeatures\security\sub_features\class-security-remove-commenting.php:34
filterpings_openfeatures\security\sub_features\class-security-remove-commenting.php:35
filterwp_revisions_to_keepfeatures\speed\sub_features\class-speed-limit-revisions.php:24
actionwp_default_scriptsfeatures\speed\sub_features\class-speed-move-jquery.php:24
actioninitfeatures\speed\sub_features\class-speed-remove-emojis.php:24
actionadd_meta_boxesfeatures\speed\sub_features\class-speed-remove-metabox.php:24
actionafter_setup_themeplugin.php:65
actionplugins_loadedplugin.php:158
actionplugins_loadedplugin.php:165
Maintenance & Trust

Axio Core Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedJan 19, 2022
PHP min version7.0
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs300
Developer Profile

Axio Core Developer Profile

Generaxion

6 plugins · 560 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Axio Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/axio-core/features/dashboard/assets/css/dashboard-recent-widget.css

HTML / DOM Fingerprints

CSS Classes
axio-core-dashboard-recent-widget
FAQ

Frequently Asked Questions about Axio Core