Does Century ToolKit have any unpatched vulnerabilities?

Yes — Century ToolKit currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Century ToolKit compatible with WordPress 5.6.17?

According to WordPress.org data, Century ToolKit 1.2.1 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

How often is Century ToolKit updated?

Century ToolKit was last updated on Jan 14, 2021. Frequent updates are generally a positive security signal.

What is Century ToolKit's security score?

Century ToolKit has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Century ToolKit Security & Risk Analysis

wordpress.org/plugins/century-toolkit

ToolKit for WordPress themes and demo content importer for themes.

800 active installs v1.2.1 PHP + WP 4.0.0+ Updated Jan 14, 2021

contentdemoimportmenuswidgets

C · Use Caution

CVEs total1

Unpatched1

Last CVEAug 20, 2025

Plugin page Download

Safety Verdict

Is Century ToolKit Safe to Use in 2026?

Use With Caution

Score 63/100

Century ToolKit has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 20, 2025Updated 5yr ago

Risk Assessment

The "century-toolkit" plugin v1.2.1 exhibits a mixed security posture. While it demonstrates strengths in its use of prepared statements for SQL queries and the absence of critical or high-severity taint flows, several concerns are present. The plugin has a concerning number of AJAX handlers, with one lacking any authentication check, presenting a significant attack vector. Furthermore, the presence of the `unserialize` function is a known risk if not handled with extreme care, as it can lead to remote code execution vulnerabilities if it processes untrusted input. The vulnerability history reveals a medium-severity CVE, specifically a Cross-Site Request Forgery (CSRF), which is concerning as it remains unpatched. The recurrence of CSRF vulnerabilities in the past suggests a potential pattern of insecure handling of user actions. Overall, the plugin has areas of good practice but is hampered by an exposed AJAX endpoint, the use of a dangerous function, and an unpatched historical vulnerability.

Key Concerns

Unprotected AJAX handler
Presence of unserialize function
Unpatched medium severity CVE
Below average output escaping (66%)

Vulnerabilities

1 published

Century ToolKit Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-48357medium · 4.3Cross-Site Request Forgery (CSRF)

Century ToolKit <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation

Aug 20, 2025Unpatched

Version History

Century ToolKit Release Timeline

v1.2.1Current1 CVE

v1.2.01 CVE

v1.1.01 CVE

v1.0.61 CVE

v1.0.51 CVE

v1.0.41 CVE

v1.0.31 CVE

v1.0.21 CVE

v1.0.11 CVE

v1.0.01 CVE

Code Analysis

Analyzed Mar 16, 2026

Century ToolKit Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

85 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = @unserialize( $raw );includes\panel\classes\importers\class-settings-importer.php:25

SQL Query Safety

100% prepared4 total queries

Output Escaping

66% escaped128 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

ajax_demo_data (includes\panel\demos.php:246)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Century ToolKit Attack Surface

Entry Points8

Unprotected1

AJAX Handlers 8

authwp_ajax_century_toolkit_ajax_get_demo_dataincludes\panel\demos.php:71

authwp_ajax_century_toolkit_ajax_required_plugins_activateincludes\panel\demos.php:72

authwp_ajax_century_toolkit_ajax_get_import_dataincludes\panel\demos.php:75

authwp_ajax_century_toolkit_ajax_import_xmlincludes\panel\demos.php:78

authwp_ajax_century_toolkit_ajax_import_theme_settingsincludes\panel\demos.php:81

authwp_ajax_century_toolkit_ajax_import_widgetsincludes\panel\demos.php:84

authwp_ajax_century_toolkit_ajax_import_formsincludes\panel\demos.php:87

authwp_ajax_century_toolkit_after_importincludes\panel\demos.php:90

WordPress Hooks 10

filtercentury_toolkit_demos_dataincludes\century-toolkit-demo-data.php:2

actioninitincludes\class-century-toolkit.php:59

actionadmin_menuincludes\panel\classes\class-install-demos.php:23

filterimport_post_meta_keyincludes\panel\classes\importers\class-wordpress-importer.php:103

filterhttp_request_timeoutincludes\panel\classes\importers\class-wordpress-importer.php:104

actionadmin_initincludes\panel\demos.php:38

actionadmin_initincludes\panel\demos.php:40

actionadmin_enqueue_scriptsincludes\panel\demos.php:43

filterupload_mimesincludes\panel\demos.php:46

actionadmin_footerincludes\panel\demos.php:49

Maintenance & Trust

Century ToolKit Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedJan 14, 2021

PHP min version

Downloads53K

Community Trust

Rating0/100

Number of ratings0

Active installs800

Alternatives

Century ToolKit Alternatives

Mirrorgrid Demo Importer

mirrorgrid-demo-importer

ToolKit for Mirrorgrid themes and demo content importer for themes.

30 No CVEs

Rara One Click Demo Import

rara-one-click-demo-import

Make your website look like the live demo of the theme with a click!

20K 1 CVE

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress

af-companion

100

Quickly import live demo content, widgets and settings with one click

10K 1 CVE

Themebeez Toolkit

themebeez-toolkit

A essential toolkit for WordPress themes developed by us. Themebeez Toolkit helps you to import dummy demo contents. It also adds extra features & …

9K 1 unpatched

SKT Themes Demo Import

skt-themes-demo-importer

100

Live demo content can be imported quickly in just one click including all widgets and settings.

5K No CVEs

Developer Profile

Century ToolKit Developer Profile

Theme Century

3 plugins · 810 total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Century ToolKit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/century-toolkit/assets/css/style.css/wp-content/plugins/century-toolkit/assets/js/script.js/wp-content/plugins/century-toolkit/assets/css/select2.min.css/wp-content/plugins/century-toolkit/assets/js/select2.min.js/wp-content/plugins/century-toolkit/assets/js/backend.js/wp-content/plugins/century-toolkit/assets/css/backend.css

Script Paths

/wp-content/plugins/century-toolkit/assets/js/script.js/wp-content/plugins/century-toolkit/assets/js/select2.min.js/wp-content/plugins/century-toolkit/assets/js/backend.js

Version Parameters

century-toolkit/assets/css/style.css?ver=century-toolkit/assets/js/script.js?ver=century-toolkit/assets/css/select2.min.css?ver=century-toolkit/assets/js/select2.min.js?ver=century-toolkit/assets/js/backend.js?ver=century-toolkit/assets/css/backend.css?ver=

HTML / DOM Fingerprints

CSS Classes

century-toolkit-import-wrapcentury-toolkit-import-introcentury-toolkit-import-navcentury-toolkit-import-nav-stepcentury-toolkit-import-nav-step-activecentury-toolkit-import-nav-step-completecentury-toolkit-import-step-contentcentury-toolkit-importer-form+11 more

Data Attributes

data-century-toolkit-noncedata-ct-nonce

JS Globals

century_toolkit_data

FAQ

Century ToolKit Security & Risk Analysis

Is Century ToolKit Safe to Use in 2026?

Use With Caution

Key Concerns

Century ToolKit Security Vulnerabilities

CVEs by Year

Severity Breakdown

Century ToolKit Release Timeline

Century ToolKit Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Century ToolKit Attack Surface

AJAX Handlers 8

Century ToolKit Maintenance & Trust

Maintenance Signals

Community Trust

Century ToolKit Alternatives

Mirrorgrid Demo Importer

Rara One Click Demo Import

AF Companion – Build Stylish WordPress Websites in Minutes – No Coding, Just Click and Go! Starter Sites Importer for WordPress

Themebeez Toolkit

SKT Themes Demo Import

Century ToolKit Developer Profile

How We Detect Century ToolKit

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Century ToolKit