WP-Safety

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Security & Risk Analysis

wordpress.org/plugins/cozy-essential-addons

Cozy Essential Addons is the free WordPress plugin for Custom post type and provides basic skeletal for custom post type list.

7K active installs v1.3.4 PHP 7.3.0+ WP 5.9+ Updated Oct 13, 2025
demo-importerfaqsportfoliosteamstestimonials
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Safe to Use in 2026?

Generally Safe

Score 100/100

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The "cozy-essential-addons" v1.3.4 plugin demonstrates a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, file operations, and external HTTP requests is commendable. Furthermore, the plugin effectively utilizes prepared statements for all SQL queries and maintains a very high percentage of properly escaped output, minimizing risks of SQL injection and cross-site scripting. The presence of nonce and capability checks on most entry points indicates a good understanding of WordPress security best practices.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This unprotected entry point represents a potential avenue for attackers to interact with the plugin in ways not intended, potentially leading to unintended consequences or information disclosure depending on the handler's functionality. The plugin's clean vulnerability history is a positive sign, suggesting a mature development process that has historically avoided introducing security flaws. Nevertheless, the unprotected AJAX handler remains a concrete risk that needs attention.

In conclusion, while the "cozy-essential-addons" plugin is built with many secure coding practices and boasts a clean security past, the single unprotected AJAX handler significantly detracts from its overall security. Addressing this specific vulnerability is crucial for mitigating potential risks. The plugin's strengths lie in its diligent SQL handling and output escaping, but the exposed AJAX endpoint is a clear weakness.

Key Concerns

  • AJAX handler without auth check
Vulnerabilities
None known

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
86
3422 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

98% escaped3508 total outputs
Attack Surface
1 unprotected

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Attack Surface

Entry Points7
Unprotected1

AJAX Handlers 1

authwp_ajax_walker_core_getting_startedincludes\class-cozy-essential-addons.php:159

Shortcodes 6

[CEA_PORTFOLIOS] public\shortcodes.php:2
[CEA_TESTIMONIALS] public\shortcodes.php:41
[CEA_TEAMS] public\shortcodes.php:88
[CEA_SERVICES] public\shortcodes.php:163
[CEA_FAQS] public\shortcodes.php:201
[CEA_PROMOTIONS] public\shortcodes.php:238
WordPress Hooks 32
actioninitadmin\cpt\cea-faq.php:41
actioninitadmin\cpt\cea-faq.php:68
actioninitadmin\cpt\cea-portfolio.php:41
actioninitadmin\cpt\cea-portfolio.php:70
actioninitadmin\cpt\cea-promotion.php:41
actioninitadmin\cpt\cea-promotion.php:68
actioninitadmin\cpt\cea-service.php:41
actioninitadmin\cpt\cea-service.php:70
actioninitadmin\cpt\cea-team.php:41
actioninitadmin\cpt\cea-team.php:70
actioninitadmin\cpt\cea-testimonial.php:44
actioninitadmin\cpt\cea-testimonial.php:74
actionadmin_menuadmin\cpt-options.php:10
actionadmin_initadmin\cpt-options.php:53
actionadmin_initadmin\metabox\metaboxs.php:3
actionsave_postadmin\metabox\metaboxs.php:228
actioninitincludes\block-patterns.php:60
actioninitincludes\block-patterns.php:255
actionadmin_initincludes\class-cozy-essential-addons.php:155
actionadmin_menuincludes\class-cozy-essential-addons.php:156
actionadvanced_import_demo_listsincludes\class-cozy-essential-addons.php:157
filtergettextincludes\class-cozy-essential-addons.php:158
actionplugins_loadedincludes\class-cozy-essential-addons.php:176
actionadmin_enqueue_scriptsincludes\class-cozy-essential-addons.php:190
actionadmin_enqueue_scriptsincludes\class-cozy-essential-addons.php:191
actionwp_enqueue_scriptsincludes\class-cozy-essential-addons.php:205
actionenqueue_block_assetsincludes\class-cozy-essential-addons.php:206
actionwp_enqueue_scriptsincludes\class-cozy-essential-addons.php:207
actionadvanced_import_is_pro_activeincludes\functions.php:39
actionadmin_enqueue_scriptsincludes\functions.php:49
actionadmin_noticesincludes\functions.php:54
actionadmin_initincludes\functions.php:67
Maintenance & Trust

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 13, 2025
PHP min version7.3.0
Downloads198K

Community Trust

Rating0/100
Number of ratings0
Active installs7K
Alternatives

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Alternatives

Walker Core

Walker Core

walker-core

A
99

Walker Core is the companion plugin for WalkerWP Themes, which provides core functionality and custom post type for the themes.

900 1 CVE
Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More

reviews-feed

A
99

No API key required. Display Yelp and Google reviews for any business in a clean, customizable feed on your site.

100K 2 CVEs
Rich Showcase for Google Reviews

Rich Showcase for Google Reviews

widget-google-reviews

A
90

Display up to 10 Google reviews in less than a minute. Continue collecting new reviews. No limits on connected places, widgets, shortcodes and blocks.

100K 5 CVEs
Strong Testimonials

Strong Testimonials

strong-testimonials

A
92

An easy-to-use testimonial plugin to collect and show customer feedback in WordPress

90K 14 CVEs
Site Reviews

Site Reviews

site-reviews

A
96

Site Reviews is a complete review management solution that integrates with WooCommerce and SureCart and works similarly to reviews on Amazon, Tripadvi …

70K 13 CVEs
Developer Profile

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons Developer Profile

CozyThemes

40 plugins · 32K total installs

96
trust score
Avg Security Score
94/100
Avg Patch Time
7 days
View full developer profile
Detection Fingerprints

How We Detect Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cozy-essential-addons/admin/css/cozy-essential-addons-admin.css/wp-content/plugins/cozy-essential-addons/admin/js/cozy-essential-addons-admin.js
Script Paths
admin/js/cozy-essential-addons-admin.js
Version Parameters
cozy-essential-addons-admin.css?ver=cozy-essential-addons-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- This file is part of the Cozy Essential Addons plugin --><!-- Cozy Essential Addons Admin CSS --><!-- Cozy Essential Addons Admin JS -->
FAQ

Frequently Asked Questions about Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons