Backend Designer Security & Risk Analysis

wordpress.org/plugins/backend-designer

Create your own design for the WordPress Backend with live-preview and customize the Login screen with your own logo and awesome color styles.

1K active installs · v1.4 · PHP + · WP 3.0.1+ · Updated Apr 11, 2024
Tags: admin-theme, backend-designer, backend-theme, customize-admin, design-backend
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Apr 16, 2024
Safety Verdict

Is Backend Designer Safe to Use in 2026?

Generally Safe

Score 91/100

Backend Designer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 16, 2024 · Updated 1yr ago
Risk Assessment

The 'backend-designer' plugin exhibits a mixed security posture. While the static analysis reveals a lack of common attack vectors like AJAX handlers, REST API routes, shortcodes, and cron events, indicating a potentially limited attack surface, several concerning signals are present. The very low percentage of properly escaped output (8%) combined with two flows with unsanitized paths, even if not critical or high severity in the taint analysis, suggests a significant risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce and capability checks on any entry points further exacerbates this risk, as any unescaped output could potentially be triggered by an unauthenticated or lower-privileged user. The plugin's vulnerability history, with a recent medium severity XSS vulnerability, reinforces the concern about output sanitization. Although no unpatched CVEs are currently listed, the pattern of XSS vulnerabilities and the static analysis findings point to a need for substantial improvements in output escaping and authorization checks.

Key Concerns

  • Low output escaping percentage
  • Unsanitized paths in taint flows
  • No capability checks
  • No nonce checks
  • Recent medium severity vulnerability (XSS)
Vulnerabilities
1

Backend Designer Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-32591 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Backend Designer <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 16, 2024 · Patched in 1.4 (8d)
Code Analysis
Analyzed Mar 16, 2026

Backend Designer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 23 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

8% escaped · 25 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
backend_designer_font (output\styles.php:211)
Attack Surface

Backend Designer Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9

  • action admin_enqueue_scripts (admin\options.php:7)
  • action admin_menu (admin\options.php:26)
  • action admin_init (admin\options.php:27)
  • filter get_user_option_admin_color (admin\options.php:391)
  • action admin_footer (admin\options.php:403)
  • action plugins_loaded (backend-designer.php:30)
  • action admin_footer (output\styles.php:3)
  • action login_enqueue_scripts (output\styles.php:166)
  • action admin_head (output\styles.php:210)
Maintenance & Trust

Backend Designer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Apr 11, 2024
PHP min version
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 1K
Developer Profile

Backend Designer Developer Profile

Daniele De Rosa

5 plugins · 3K total installs

Trust score: 84
Avg Security Score: 86/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Backend Designer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/backend-designer/admin/css/spectrum.css
/wp-content/plugins/backend-designer/admin/css/admin.css
/wp-content/plugins/backend-designer/admin/js/spectrum.js
Script Paths
/wp-content/plugins/backend-designer/admin/js/spectrum.js

HTML / DOM Fingerprints

CSS Classes
ddbd_options_field_primarycolor
ddbd_options_field_text_primary
ddbd_options_field_secondarycolor
ddbd_options_field_text_secondary
ddbd_options_field_focus_color
Data Attributes
name='ddbd_settings[primarycolor]'
name='ddbd_settings[text-for-primary]'
name='ddbd_settings[secondarycolor]'
name='ddbd_settings[text-for-secondary]'
name='ddbd_settings[focus-color]'
name='ddbd_settings[custom_font]'
(+10 more)
FAQ

Frequently Asked Questions about Backend Designer