Child Theme Configurator Security & Risk Analysis

wordpress.org/plugins/child-theme-configurator

When using the Customizer is not enough - Create a child theme from your installed themes and customize styles, templates, functions and more.

300K active installs · v2.6.7 · PHP 7.4+ · WP 4.0+ · Updated Jun 10, 2025
Tags: child, child-theme, child-themes, custom-styles, theme
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Child Theme Configurator Safe to Use in 2026?

Generally Safe

Score 100/100

Child Theme Configurator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The Child Theme Configurator plugin version 2.6.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and has no recorded vulnerability history, suggesting a generally well-maintained codebase. However, a significant concern arises from its attack surface. All 5 identified AJAX handlers lack authentication checks, presenting a direct risk of unauthorized access and execution of plugin functionalities. While the taint analysis did not reveal critical or high severity unsanitized flows, the presence of 5 flows with unsanitized paths warrants attention, especially in conjunction with the unprotected AJAX endpoints. The plugin also has a relatively low percentage of properly escaped output (43%), which could lead to cross-site scripting vulnerabilities if user-supplied data is not handled carefully before rendering.

The lack of past CVEs is a strong indicator of diligent development and security focus. However, this does not negate the immediate risks identified in the static analysis. The absence of authentication on all AJAX handlers is the most pressing security concern, potentially allowing unauthenticated users to trigger plugin actions. The 5 flows with unsanitized paths, while not rated as critical, represent potential avenues for attacks if combined with exploitable logic in the AJAX handlers. The unescaped output is a secondary but still relevant risk that could be exploited. Overall, while the plugin benefits from clean SQL handling and a clear vulnerability history, the unprotected AJAX endpoints and potential for unsanitized paths create a notable security risk that requires remediation.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
Vulnerabilities
None known

Child Theme Configurator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Child Theme Configurator Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 69 (51 escaped)
  • Nonce Checks: 5
  • Capability Checks: 4
  • File Operations: 18
  • External Requests: 2
  • Bundled Libraries: 0

Output Escaping

43% escaped · 120 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
export_theme (includes\classes\Admin.php:1609)
Attack Surface
5 unprotected

Child Theme Configurator Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers 5

  • auth wp_ajax_ctc_update (includes\classes\Core.php:47)
  • auth wp_ajax_ctc_query (includes\classes\Core.php:48)
  • auth wp_ajax_ctc_dismiss (includes\classes\Core.php:49)
  • auth wp_ajax_pro_dismiss (includes\classes\Core.php:50)
  • auth wp_ajax_ctc_analyze (includes\classes\Core.php:51)
WordPress Hooks 55
  • action plugins_loaded (child-theme-configurator.php:35)
  • filter style_loader_src (child-theme-configurator.php:46)
  • action chld_thm_cfg_admin_notices (includes\classes\Admin.php:188)
  • action chld_thm_cfg_admin_notices (includes\classes\Admin.php:218)
  • action chld_thm_cfg_admin_notices (includes\classes\Admin.php:223)
  • action chld_thm_cfg_admin_notices (includes\classes\Admin.php:229)
  • action chld_thm_cfg_admin_notices (includes\classes\Admin.php:233)
  • action chld_thm_cfg_admin_notices (includes\classes\Admin.php:247)
  • action chld_thm_cfg_cache_updates (includes\classes\Admin.php:262)
  • action chld_thm_cfg_cache_updates (includes\classes\Admin.php:342)
  • action chld_thm_cfg_parse_stylesheets (includes\classes\Admin.php:673)
  • action chld_thm_cfg_parse_stylesheets (includes\classes\Admin.php:713)
  • action chld_thm_cfg_addl_options (includes\classes\Admin.php:718)
  • action chld_thm_cfg_parse_stylesheets (includes\classes\Admin.php:721)
  • action chld_thm_cfg_parse_stylesheets (includes\classes\Admin.php:726)
  • action chld_thm_cfg_parse_stylesheets (includes\classes\Admin.php:729)
  • action chld_thm_cfg_parse_stylesheets (includes\classes\Admin.php:733)
  • action chld_thm_cfg_parse_stylesheets (includes\classes\Admin.php:736)
  • action chld_thm_cfg_addl_files (includes\classes\Admin.php:743)
  • action chld_thm_cfg_addl_files (includes\classes\Admin.php:744)
  • action chld_thm_cfg_addl_files (includes\classes\Admin.php:745)
  • action chld_thm_cfg_addl_files (includes\classes\Admin.php:747)
  • action chld_thm_cfg_addl_files (includes\classes\Admin.php:2283)
  • action all_admin_notices (includes\classes\Core.php:31)
  • action admin_init (includes\classes\Core.php:37)
  • action network_admin_menu (includes\classes\Core.php:41)
  • action admin_menu (includes\classes\Core.php:42)
  • action init (includes\classes\Core.php:54)
  • action chld_thm_cfg_addl_files (includes\classes\CSS.php:976)
  • action setup_theme (includes\classes\Preview.php:23)
  • filter wp_redirect_status (includes\classes\Preview.php:24)
  • action wp_enqueue_scripts (includes\classes\Preview.php:43)
  • filter template (includes\classes\Preview.php:65)
  • filter stylesheet (includes\classes\Preview.php:66)
  • filter pre_option_stylesheet (includes\classes\Preview.php:68)
  • filter pre_option_template (includes\classes\Preview.php:69)
  • action wp_head (includes\classes\Preview.php:74)
  • action wp_print_styles (includes\classes\Preview.php:76)
  • action wp_footer (includes\classes\Preview.php:78)
  • filter chld_thm_cfg_files_tab_filter (includes\classes\UI.php:24)
  • action chld_thm_cfg_tabs (includes\classes\UI.php:25)
  • action chld_thm_cfg_panels (includes\classes\UI.php:26)
  • action chld_thm_cfg_related_links (includes\classes\UI.php:27)
  • action chld_thm_cfg_before_tabs (includes\classes\UI.php:28)
  • action chld_thm_cfg_before_tabs (includes\classes\UI.php:29)
  • action chld_thm_cfg_file_form_buttons (includes\classes\UI.php:30)
  • action chld_thm_cfg_admin_notices (includes\classes\UI.php:31)
  • action admin_enqueue_scripts (includes\classes\UI.php:32)
  • filter chld_thm_cfg_localize_array (includes\classes\UI.php:33)
  • action all_admin_notices (includes\classes\UI.php:34)
  • action all_admin_notices (includes\classes\Upgrade.php:53)
  • filter site_transient_update_plugins (includes\classes\Upgrade.php:127)
  • filter transient_update_plugins (includes\classes\Upgrade.php:128)
  • filter upgrader_post_install (includes\classes\Upgrade.php:132)
  • action delete_site_transient_update_plugins (includes\classes\Upgrade.php:133)
Maintenance & Trust

Child Theme Configurator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 10, 2025
PHP min version: 7.4
Downloads: 7.0M

Community Trust

Rating: 94/100
Number of ratings: 278
Active installs: 300K
Developer Profile

Child Theme Configurator Developer Profile

lilaeamedia

3 plugins · 301K total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Child Theme Configurator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/child-theme-configurator/css/style.css
  • /wp-content/plugins/child-theme-configurator/js/child-theme-configurator.js
  • /wp-content/plugins/child-theme-configurator/css/jquery-ui-1.12.1.custom/jquery-ui.min.css
  • /wp-content/plugins/child-theme-configurator/js/jquery-ui-1.12.1.custom/jquery-ui.min.js
  • /wp-content/plugins/child-theme-configurator/js/jquery-hotkeys.js
  • /wp-content/plugins/child-theme-configurator/js/ace/ace.js
  • /wp-content/plugins/child-theme-configurator/js/ace/theme-chrome.js
  • /wp-content/plugins/child-theme-configurator/js/ace/mode-css.js
  • +17 more
Script Paths
  • /wp-content/plugins/child-theme-configurator/js/child-theme-configurator.js
  • /wp-content/plugins/child-theme-configurator/js/jquery-ui-1.12.1.custom/jquery-ui.min.js
  • /wp-content/plugins/child-theme-configurator/js/jquery-hotkeys.js
  • /wp-content/plugins/child-theme-configurator/js/ace/ace.js
  • /wp-content/plugins/child-theme-configurator/js/codemirror/codemirror.js
  • /wp-content/plugins/child-theme-configurator/js/codemirror/addon/edit/matchbrackets.js
  • +12 more
Version Parameters
  • /wp-content/plugins/child-theme-configurator/css/style.css?ver=
  • /wp-content/plugins/child-theme-configurator/js/child-theme-configurator.js?ver=
  • /wp-content/plugins/child-theme-configurator/css/jquery-ui-1.12.1.custom/jquery-ui.min.css?ver=
  • /wp-content/plugins/child-theme-configurator/js/jquery-ui-1.12.1.custom/jquery-ui.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • ctc-admin-bar
  • ctc-notice
  • ctc-menu
  • ctc-page-header
  • ctc-theme-wrapper
  • ctc-theme-info
  • ctc-theme-screenshot
  • ctc-theme-name
  • +135 more
HTML Comments
  • <!-- Begin Child Theme Configurator -->
  • <!-- End Child Theme Configurator -->
  • <!-- CTC Admin JavaScript -->
  • <!-- CTC Admin CSS -->
  • +42 more
Data Attributes
  • data-ctc-theme-slug
  • data-ctc-theme-parent
  • data-ctc-theme-type
  • data-ctc-current-theme
  • data-ctc-tab
  • data-ctc-editor-mode
  • +138 more
JS Globals
  • window.ctc_admin_bar
  • window.ctc_data
  • window.ctc_ui
  • window.ctc_editor
  • window.ctc_editor_save
  • window.ctc_editor_close
  • +84 more
FAQ

Frequently Asked Questions about Child Theme Configurator