Catch Web Tools Security & Risk Analysis

wordpress.org/plugins/catch-web-tools

A top-notch modular plugin that can greatly enhance the capabilities of a WordPress website with its powerful features.

10K active installs · v3.2.1 · PHP + WP 5.9+ · Updated Apr 11, 2026
admin, catch-ids, show, simple, wp-admin
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 24, 2022
Safety Verdict

Is Catch Web Tools Safe to Use in 2026?

Generally Safe

Score 100/100

Catch Web Tools has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 24, 2022 · Updated 1mo ago
Risk Assessment

The "catch-web-tools" v3.1 plugin exhibits a generally strong security posture, with significant strengths in its handling of entry points and output escaping. The static analysis indicates a well-defined attack surface with all identified AJAX handlers and REST API routes properly secured with authentication or permission checks. The absence of dangerous functions, file operations, and external HTTP requests is also a positive indicator. Furthermore, the plugin demonstrates robust use of nonce and capability checks, suggesting good security awareness in its development.

However, a critical concern arises from the SQL query handling. The analysis found one SQL query that does not use prepared statements, posing a significant risk of SQL injection. The plugin has a history of one medium-severity CVE for Missing Authorization; that vulnerability is patched and not present in this version. The lack of taint analysis data limits the ability to uncover complex or multi-stage vulnerabilities, but the raw SQL query is a clear and actionable finding. Overall, the plugin is well protected against common web vulnerabilities, but the unprepared SQL query presents a notable risk that needs immediate attention.

Key Concerns

  • Raw SQL query without prepared statements
Vulnerabilities
1 published

Catch Web Tools Security Vulnerabilities

CVEs by Year: 1 CVE in 2022

Severity Breakdown: Medium 1 (1 total CVE)

Catch Web Tools <= 2.7.0 - Missing Authorization

Jan 24, 2022 Patched in 2.7.1 (729d)
Code Analysis
Analyzed Mar 16, 2026

Catch Web Tools Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 71 (356 escaped)
Nonce Checks: 6
Capability Checks: 18
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

83% escaped · 427 total outputs
Attack Surface

Catch Web Tools Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers: 4

auth · wp_ajax_catchwebtools_catchids_switch · admin\inc\catch-ids.php:162
auth · wp_ajax_query-themes · admin\inc\CatchThemesThemePlugin.php:11
auth · wp_ajax_customize_load_themes · admin\inc\CatchThemesThemePlugin.php:21
auth · wp_ajax_ctp_switch · admin\inc\ctp-tabs-removal.php:85

Shortcodes: 1

[catchthemes_social_icons] · admin\inc\social-icons.php:187

WordPress Hooks: 76

action · admin_enqueue_scripts · admin\admin-functions.php:87
action · admin_init · admin\admin-functions.php:116
filter · big_image_size_threshold · admin\admin-functions.php:123
action · after_setup_theme · admin\admin-functions.php:169
action · admin_init · admin\catch-updater\inc\catch-updater-modify-installer.php:30
action · load-theme-install.php · admin\catch-updater\inc\catch-updater-modify-installer.php:33
action · admin_notices · admin\catch-updater\inc\catch-updater-modify-installer.php:178
action · admin_notices · admin\catch-updater\inc\catch-updater-modify-installer.php:230
action · admin_notices · admin\catch-updater\inc\catch-updater-modify-installer.php:261
action · admin_notices · admin\catch-updater\inc\catch-updater-modify-installer.php:268
action · all_admin_notices · admin\catch-updater\inc\catch-updater-modify-installer.php:274
action · admin_init · admin\catch-updater\inc\catch-updater-plugin-modify-installer.php:30
action · load-plugin-install.php · admin\catch-updater\inc\catch-updater-plugin-modify-installer.php:33
action · admin_notices · admin\catch-updater\inc\catch-updater-plugin-modify-installer.php:140
action · admin_notices · admin\catch-updater\inc\catch-updater-plugin-modify-installer.php:192
action · admin_notices · admin\catch-updater\inc\catch-updater-plugin-modify-installer.php:217
action · admin_notices · admin\catch-updater\inc\catch-updater-plugin-modify-installer.php:224
action · all_admin_notices · admin\catch-updater\inc\catch-updater-plugin-modify-installer.php:229
action · template_include · admin\catch-updater\inc\catch-updater-show-maintenance-message.php:24
action · admin_head · admin\inc\catch-ids.php:76
action · manage_media_columns · admin\inc\catch-ids.php:90
filter · manage_media_custom_column · admin\inc\catch-ids.php:91
action · manage_link_custom_column · admin\inc\catch-ids.php:95
filter · manage_link-manager_columns · admin\inc\catch-ids.php:96
action · manage_edit-link-categories_columns · admin\inc\catch-ids.php:99
filter · manage_link_categories_custom_column · admin\inc\catch-ids.php:100
action · manage_users_columns · admin\inc\catch-ids.php:125
filter · manage_users_custom_column · admin\inc\catch-ids.php:126
filter · manage_users_sortable_columns · admin\inc\catch-ids.php:128
action · manage_edit-comments_columns · admin\inc\catch-ids.php:134
action · manage_comments_custom_column · admin\inc\catch-ids.php:135
filter · manage_edit-comments_sortable_columns · admin\inc\catch-ids.php:137
action · admin_init · admin\inc\catch-ids.php:143
action · admin_enqueue_scripts · admin\inc\CatchThemesThemePlugin.php:13
action · customize_register · admin\inc\CatchThemesThemePlugin.php:16
filter · install_plugins_tabs · admin\inc\CatchThemesThemePlugin.php:23
filter · install_plugins_table_api_args_catchplugins · admin\inc\CatchThemesThemePlugin.php:24
action · install_plugins_catchplugins · admin\inc\CatchThemesThemePlugin.php:25
action · admin_menu · admin\inc\core.php:23
action · admin_init · admin\inc\core.php:25
action · customize_register · admin\inc\core.php:27
action · customize_register · admin\inc\core.php:29
filter · plugin_row_meta · admin\inc\core.php:31
action · admin_init · admin\inc\ctp-tabs-removal.php:17
action · category_edit_form_fields · admin\inc\metabox.php:18
action · category_add_form_fields · admin\inc\metabox.php:19
action · edited_category · admin\inc\metabox.php:20
action · create_category · admin\inc\metabox.php:21
action · admin_enqueue_scripts · admin\inc\metabox.php:44
action · admin_menu · admin\inc\metabox.php:63
action · save_post · admin\inc\metabox.php:304
action · publish_post · admin\inc\metabox.php:305
action · draft_post · admin\inc\metabox.php:306
action · widgets_init · admin\inc\social-icons.php:186
action · wp_enqueue_scripts · frontend\frontend-functions.php:34
action · wp_enqueue_scripts · frontend\frontend-functions.php:40
action · wp_head · frontend\frontend-functions.php:121
action · wp_footer · frontend\frontend-functions.php:160
filter · language_attributes · frontend\inc\opengraph-tools.php:104
filter · wp_title · frontend\inc\seo.php:117
filter · init · frontend\inc\seo.php:120
filter · feed_link · frontend\inc\webmasters-tools.php:91
action · template_redirect · frontend\inc\webmasters-tools.php:131
action · init · functions.php:58
filter · plugin_action_links · functions.php:146
action · admin_enqueue_scripts · to-top\includes\class-to-top.php:121
action · admin_enqueue_scripts · to-top\includes\class-to-top.php:122
action · customize_register · to-top\includes\class-to-top.php:124
action · customize_controls_enqueue_scripts · to-top\includes\class-to-top.php:126
action · customize_preview_init · to-top\includes\class-to-top.php:128
action · wp_enqueue_scripts · to-top\includes\class-to-top.php:143
action · wp_enqueue_scripts · to-top\includes\class-to-top.php:144
action · wp_head · to-top\includes\class-to-top.php:147
action · admin_head · to-top\includes\class-to-top.php:148
action · wp_footer · to-top\includes\class-to-top.php:150
action · admin_footer · to-top\includes\class-to-top.php:151
Maintenance & Trust

Catch Web Tools Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 11, 2026
PHP min version
Downloads: 562K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 10K
Developer Profile

Catch Web Tools Developer Profile

Catch Themes

156 plugins · 226K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 251 days
Detection Fingerprints

How We Detect Catch Web Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/catch-web-tools/admin/css/admin-dashboard.css
  • /wp-content/plugins/catch-web-tools/admin/css/admin.css
  • /wp-content/plugins/catch-web-tools/admin/js/admin.js
  • /wp-content/plugins/catch-web-tools/admin/js/catch-updater-admin.js
  • /wp-content/plugins/catch-web-tools/admin/css/catch-updater-admin.css
  • /wp-content/plugins/catch-web-tools/admin/js/catch-ids.js
  • /wp-content/plugins/catch-web-tools/admin/css/catch-ids.css
  • /wp-content/plugins/catch-web-tools/css/font-awesome/css/all.min.css

Script Paths

  • /wp-content/plugins/catch-web-tools/admin/js/admin.js
  • /wp-content/plugins/catch-web-tools/admin/js/jquery.matchHeight.min.js
  • /wp-content/plugins/catch-web-tools/css/font-awesome/css/all.min.css
  • /wp-content/plugins/catch-web-tools/admin/css/admin.css
  • /wp-content/plugins/catch-web-tools/admin/css/admin-dashboard.css
  • /wp-content/plugins/catch-web-tools/admin/js/catch-updater-admin.js
  • +3 more

Version Parameters

  • /wp-content/plugins/catch-web-tools/admin/js/admin.js?ver=
  • /wp-content/plugins/catch-web-tools/css/font-awesome/css/all.min.css?ver=
  • /wp-content/plugins/catch-web-tools/admin/css/admin.css?ver=
  • /wp-content/plugins/catch-web-tools/admin/css/admin-dashboard.css?ver=
  • /wp-content/plugins/catch-web-tools/admin/js/catch-updater-admin.js?ver=
  • /wp-content/plugins/catch-web-tools/admin/css/catch-updater-admin.css?ver=
  • /wp-content/plugins/catch-web-tools/admin/js/catch-ids.js?ver=
  • /wp-content/plugins/catch-web-tools/admin/css/catch-ids.css?ver=

HTML / DOM Fingerprints

CSS Classes
catchwebtools-plugin-options
JS Globals
CATCHWEBTOOLS_URL, CATCHWEBTOOLS_VERSION, CATCHWEBTOOLS_PATH, CATCHWEBTOOLS_BASENAME