Century ToolKit Security & Risk Analysis

wordpress.org/plugins/century-toolkit

ToolKit for WordPress themes and demo content importer for themes.

800 active installs · v1.2.1 · PHP + WP 4.0.0+ · Updated Jan 14, 2021

Tags: content, demo, import, menus, widgets

Security score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Aug 20, 2025
Safety Verdict

Is Century ToolKit Safe to Use in 2026?

Use With Caution

Score 63/100

Century ToolKit has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 20, 2025 · Updated 5yr ago
Risk Assessment

The "century-toolkit" plugin v1.2.1 exhibits a mixed security posture. It uses prepared statements for all of its SQL queries and shows no critical or high-severity taint flows, but several concerns remain. The plugin registers a large number of AJAX handlers, one of which performs no authentication check at all, which presents a significant attack vector. It also calls `unserialize`, a known risk unless handled with extreme care, since deserializing untrusted input can lead to remote code execution. The vulnerability history contains one medium-severity CVE, a Cross-Site Request Forgery (CSRF), which is concerning because it remains unpatched. The recurrence of CSRF issues suggests a pattern of insecure handling of user-initiated actions. Overall, the plugin shows areas of good practice but is hampered by an exposed AJAX endpoint, the use of a dangerous function, and an unpatched vulnerability.

Key Concerns

  • Unprotected AJAX handler
  • Presence of unserialize function
  • Unpatched medium severity CVE
  • Below average output escaping (66%)
Vulnerabilities: 1

Century ToolKit Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-48357 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Century ToolKit <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation

Aug 20, 2025 · Unpatched

Code Analysis (analyzed Mar 16, 2026)

Century ToolKit Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 43 (85 escaped)
  • Nonce Checks: 8
  • Capability Checks: 7
  • File Operations: 19
  • External Requests: 3
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$data = @unserialize( $raw );` · includes\panel\classes\importers\class-settings-importer.php:25

SQL Query Safety

100% prepared (4 total queries)

Output Escaping

66% escaped (128 total outputs)

Data Flows: all sanitized

Data Flow Analysis

2 flows

  • ajax_demo_data (includes\panel\demos.php:246)

Attack Surface: 1 unprotected

Century ToolKit Attack Surface

Entry Points: 8
Unprotected: 1

AJAX Handlers (8)

  • auth · wp_ajax_century_toolkit_ajax_get_demo_data · includes\panel\demos.php:71
  • auth · wp_ajax_century_toolkit_ajax_required_plugins_activate · includes\panel\demos.php:72
  • auth · wp_ajax_century_toolkit_ajax_get_import_data · includes\panel\demos.php:75
  • auth · wp_ajax_century_toolkit_ajax_import_xml · includes\panel\demos.php:78
  • auth · wp_ajax_century_toolkit_ajax_import_theme_settings · includes\panel\demos.php:81
  • auth · wp_ajax_century_toolkit_ajax_import_widgets · includes\panel\demos.php:84
  • auth · wp_ajax_century_toolkit_ajax_import_forms · includes\panel\demos.php:87
  • auth · wp_ajax_century_toolkit_after_import · includes\panel\demos.php:90
WordPress Hooks (10)

  • filter · century_toolkit_demos_data · includes\century-toolkit-demo-data.php:2
  • action · init · includes\class-century-toolkit.php:59
  • action · admin_menu · includes\panel\classes\class-install-demos.php:23
  • filter · import_post_meta_key · includes\panel\classes\importers\class-wordpress-importer.php:103
  • filter · http_request_timeout · includes\panel\classes\importers\class-wordpress-importer.php:104
  • action · admin_init · includes\panel\demos.php:38
  • action · admin_init · includes\panel\demos.php:40
  • action · admin_enqueue_scripts · includes\panel\demos.php:43
  • filter · upload_mimes · includes\panel\demos.php:46
  • action · admin_footer · includes\panel\demos.php:49
Maintenance & Trust

Century ToolKit Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 5.6.17
  • Last updated: Jan 14, 2021
  • PHP min version:
  • Downloads: 53K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 800
Developer Profile

Century ToolKit Developer Profile

Theme Century

3 plugins · 810 total installs

  • Trust score: 79
  • Avg Security Score: 78/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Century ToolKit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/century-toolkit/assets/css/style.css
  • /wp-content/plugins/century-toolkit/assets/js/script.js
  • /wp-content/plugins/century-toolkit/assets/css/select2.min.css
  • /wp-content/plugins/century-toolkit/assets/js/select2.min.js
  • /wp-content/plugins/century-toolkit/assets/js/backend.js
  • /wp-content/plugins/century-toolkit/assets/css/backend.css

Script Paths

  • /wp-content/plugins/century-toolkit/assets/js/script.js
  • /wp-content/plugins/century-toolkit/assets/js/select2.min.js
  • /wp-content/plugins/century-toolkit/assets/js/backend.js

Version Parameters

  • century-toolkit/assets/css/style.css?ver=
  • century-toolkit/assets/js/script.js?ver=
  • century-toolkit/assets/css/select2.min.css?ver=
  • century-toolkit/assets/js/select2.min.js?ver=
  • century-toolkit/assets/js/backend.js?ver=
  • century-toolkit/assets/css/backend.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • century-toolkit-import-wrap
  • century-toolkit-import-intro
  • century-toolkit-import-nav
  • century-toolkit-import-nav-step
  • century-toolkit-import-nav-step-active
  • century-toolkit-import-nav-step-complete
  • century-toolkit-import-step-content
  • century-toolkit-importer-form
  • +11 more

Data Attributes

  • data-century-toolkit-nonce
  • data-ct-nonce

JS Globals

  • century_toolkit_data
FAQ

Frequently Asked Questions about Century ToolKit