Basticom Framework Security & Risk Analysis

wordpress.org/plugins/basticom-framework

The Basticom framework plugin allows you to modify certain core functions of WordPress as well as fine-tune some additional settings.

100 active installs · v1.5.3 · PHP 7.2+ · WP 5.2+ · Updated Jan 9, 2026
Tags: acf, admin, framework, optimize

Security score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 21, 2025
Safety Verdict

Is Basticom Framework Safe to Use in 2026?

Generally Safe

Score 98/100

Basticom Framework has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 21, 2025 · Updated 2mo ago
Risk Assessment

The basticom-framework plugin v1.5.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively utilizing prepared statements, and has no currently unpatched known vulnerabilities. The absence of bundled libraries and external HTTP requests is also a favorable indicator. However, significant concerns arise from its attack surface and code analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a direct entry point for potential exploitation. Furthermore, only 26% of output is properly escaped, indicating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, a pattern consistent with its vulnerability history, which records two previous medium-severity XSS issues. The taint analysis, while limited in scope, did identify a flow with unsanitized paths, suggesting potential for insecure handling of user-supplied data. The lack of nonce checks on the unprotected AJAX endpoints is a critical oversight.

Key Concerns

  • AJAX handlers without authentication
  • Low percentage of properly escaped output
  • Unsanitized path flow identified
  • Lack of nonce checks on AJAX handlers
  • Two medium severity CVEs in history
  • Use of dangerous functions (exec, create_function)
Vulnerabilities: 2

Basticom Framework Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-67629 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Basticom Framework <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Dec 21, 2025 Patched in 1.5.3 (24d)
CVE-2024-9443 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Nov 4, 2024 Patched in 1.5.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

Basticom Framework Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 40 (14 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

exec · admin\modules\bstcmfw-jigsaw.php:215
    exec( 'cd ' . ABSPATH . $pathFromRoot . '; git rev-parse --verify HEAD 2> /dev/null', $output );

create_function · admin\modules\bstcmfw-updatenotifications.php:10
    add_action( 'init', create_function( '$a', "remove_action( 'init', 'wp_version_check' );" ), 2 );

create_function · admin\modules\bstcmfw-updatenotifications.php:11
    add_filter( 'pre_option_update_core', create_function( '$a', "return null;" ) );

Output Escaping

26% escaped · 54 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths

<bstcmfw-cookie> (admin\modules\bstcmfw-cookie.php:0)
Attack Surface: 2 unprotected

Basticom Framework Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

auth · wp_ajax_get_scripts_hook · admin\modules\bstcmfw-cookie.php:127
nopriv · wp_ajax_get_scripts_hook · admin\modules\bstcmfw-cookie.php:128
WordPress Hooks (78)

filter · script_loader_tag · admin\modules\bstcmfw-adddefer.php:4
action · wp_before_admin_bar_render · admin\modules\bstcmfw-cleanadminbar.php:4
action · widgets_init · admin\modules\bstcmfw-comments.php:10
filter · wp_headers · admin\modules\bstcmfw-comments.php:11
action · template_redirect · admin\modules\bstcmfw-comments.php:12
action · template_redirect · admin\modules\bstcmfw-comments.php:15
action · admin_init · admin\modules\bstcmfw-comments.php:16
action · wp_loaded · admin\modules\bstcmfw-comments.php:19
action · admin_menu · admin\modules\bstcmfw-comments.php:36
action · admin_head · admin\modules\bstcmfw-comments.php:37
action · wp_dashboard_setup · admin\modules\bstcmfw-comments.php:38
filter · pre_option_default_pingback_flag · admin\modules\bstcmfw-comments.php:39
action · template_redirect · admin\modules\bstcmfw-comments.php:43
filter · comments_open · admin\modules\bstcmfw-comments.php:44
filter · pings_open · admin\modules\bstcmfw-comments.php:45
filter · post_comments_feed_link · admin\modules\bstcmfw-comments.php:48
filter · comments_link_feed · admin\modules\bstcmfw-comments.php:49
filter · comment_link · admin\modules\bstcmfw-comments.php:50
filter · get_comments_number · admin\modules\bstcmfw-comments.php:53
action · wp_head · admin\modules\bstcmfw-comments.php:56
filter · comments_template · admin\modules\bstcmfw-comments.php:63
action · admin_bar_menu · admin\modules\bstcmfw-comments.php:93
action · admin_print_footer_scripts · admin\modules\bstcmfw-comments.php:119
action · wp_head · admin\modules\bstcmfw-comments.php:146
filter · embed_oembed_html · admin\modules\bstcmfw-cookie.php:18
action · wp_footer · admin\modules\bstcmfw-cookie.php:64
action · wp_enqueue_scripts · admin\modules\bstcmfw-cookie.php:92
action · admin_enqueue_scripts · admin\modules\bstcmfw-cookie.php:93
filter · template_include · admin\modules\bstcmfw-cookie.php:171
action · wp_dashboard_setup · admin\modules\bstcmfw-dashboard.php:4
filter · show_admin_bar · admin\modules\bstcmfw-disableadminbar.php:4
filter · emoji_svg_url · admin\modules\bstcmfw-emojis.php:12
filter · admin_footer_text · admin\modules\bstcmfw-footertext.php:4
filter · gform_ip_address · admin\modules\bstcmfw-gfanonymize.php:4
filter · gform_submit_button · admin\modules\bstcmfw-gfbuttons.php:4
filter · gform_validation_message · admin\modules\bstcmfw-gferrors.php:4
action · acf/init · admin\modules\bstcmfw-googleapikey.php:4
filter · jpeg_quality · admin\modules\bstcmfw-imagecompression.php:5
filter · post_type_link · admin\modules\bstcmfw-jigsaw-permalinks.php:26
action · template_redirect · admin\modules\bstcmfw-jigsaw-permalinks.php:91
action · pre_get_posts · admin\modules\bstcmfw-jigsaw-permalinks.php:100
filter · post_type_link · admin\modules\bstcmfw-jigsaw-permalinks.php:122
action · pre_get_posts · admin\modules\bstcmfw-jigsaw-permalinks.php:125
action · admin_enqueue_scripts · admin\modules\bstcmfw-jigsaw.php:28
action · admin_notices · admin\modules\bstcmfw-jigsaw.php:40
action · admin_bar_menu · admin\modules\bstcmfw-jigsaw.php:46
action · admin_bar_menu · admin\modules\bstcmfw-jigsaw.php:81
action · init · admin\modules\bstcmfw-jigsaw.php:91
filter · update_footer · admin\modules\bstcmfw-jigsaw.php:210
action · init · admin\modules\bstcmfw-jigsaw.php:228
action · init · admin\modules\bstcmfw-jigsaw.php:237
filter · post_row_actions · admin\modules\bstcmfw-jigsaw.php:270
filter · page_row_actions · admin\modules\bstcmfw-jigsaw.php:271
action · admin_menu · admin\modules\bstcmfw-links.php:4
action · pre_get_posts · admin\modules\bstcmfw-optimizequery.php:4
filter · script_loader_src · admin\modules\bstcmfw-removeversion.php:4
filter · style_loader_src · admin\modules\bstcmfw-removeversion.php:5
action · admin_init · admin\modules\bstcmfw-serverstats.php:14
action · init · admin\modules\bstcmfw-serverstats.php:19
filter · admin_footer_text · admin\modules\bstcmfw-serverstats.php:20
action · init · admin\modules\bstcmfw-tags.php:4
action · init · admin\modules\bstcmfw-tags.php:8
action · admin_menu · admin\modules\bstcmfw-themeeditor.php:4
action · init · admin\modules\bstcmfw-updatenotifications.php:4
action · init · admin\modules\bstcmfw-updatenotifications.php:10
filter · pre_option_update_core · admin\modules\bstcmfw-updatenotifications.php:11
action · widgets_init · admin\modules\bstcmfw-widgets.php:4
action · admin_menu · admin\modules\bstcmfw-widgets.php:21
filter · xmlrpc_methods · admin\modules\bstcmfw-xmlrpc.php:4
action · admin_init · basticom-framework.php:20
action · init · basticom-framework.php:21
action · init · basticom-framework.php:22
action · init · basticom-framework.php:23
action · template_redirect · basticom-framework.php:24
action · plugins_loaded · basticom-framework.php:25
action · admin_menu · basticom-framework.php:26
action · admin_enqueue_scripts · basticom-framework.php:27
filter · query_vars · basticom-framework.php:30
Maintenance & Trust

Basticom Framework Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jan 9, 2026
PHP min version: 7.2
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Basticom Framework Developer Profile

Basticom

2 plugins · 100 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 13 days
Detection Fingerprints

How We Detect Basticom Framework

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/basticom-framework/js/jigsaw-admin.js
/wp-content/plugins/basticom-framework/css/jigsaw-admin.css
Script Paths
/wp-content/plugins/basticom-framework/js/jigsaw-admin.js
Version Parameters
basticom-framework/js/jigsaw-admin.js?ver=
basticom-framework/css/jigsaw-admin.css?ver=

HTML / DOM Fingerprints

HTML Comments
SQL row with the meta_key of "database_version," located in the "sitemeta" sql table
Edit that row every time you export a database for handoff
Data Attributes
jigsaw-function
JS Globals
jigsaw_functions
FAQ

Frequently Asked Questions about Basticom Framework