Does Custom Colors have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom Colors have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Colors compatible with WordPress 4.5.33?

According to WordPress.org data, Custom Colors 1.13 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is Custom Colors updated?

Custom Colors was last updated on Sep 8, 2016. Frequent updates are generally a positive security signal.

What is Custom Colors's security score?

Custom Colors has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Colors Security & Risk Analysis

wordpress.org/plugins/custom-colors

Custom Colors is easy to use. Custom Colors WordPress plugin allows you to change all basic colors in your theme.

30 active installs v1.13 PHP + WP 4.5+ Updated Sep 8, 2016

customcustom-colorscustom-colors-plugincustom-colors-wp-pluginwordpress-colors

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom Colors Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Colors has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "custom-colors" plugin v1.13 exhibits a generally strong security posture based on the static analysis. The absence of any identified dangerous functions, SQL queries that are not prepared, and a high percentage of properly escaped output are positive indicators. Furthermore, the lack of file operations and external HTTP requests minimizes common attack vectors. The plugin also has no recorded vulnerabilities, which suggests a history of secure development or prompt patching of any past issues.

However, the static analysis reveals several areas for concern. The complete lack of nonces and capability checks across all identified entry points is a significant weakness. While the current attack surface is reported as zero, if any entry points were to be introduced or discovered in the future, they would be entirely unprotected against common WordPress exploits like CSRF or privilege escalation. The absence of any taint analysis results is also unusual and might indicate the analysis tool's limitations or a very simple plugin architecture that doesn't typically involve user input processing in a way that would trigger taint flows.

In conclusion, the plugin has strengths in its implementation of secure coding practices for the code that exists. Its vulnerability history is spotless. The primary weakness lies in the lack of robust access control and input validation mechanisms, particularly the absence of nonces and capability checks. While the attack surface is currently reported as zero, this leaves the plugin highly vulnerable if any entry points are ever added or exposed.

Key Concerns

No nonce checks on entry points
No capability checks on entry points
No taint analysis performed

Vulnerabilities

None known

Custom Colors Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Custom Colors Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

72 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped79 total outputs

Attack Surface

Custom Colors Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_menucustom-colors.php:12

actionadmin_initcustom-colors.php:17

actionadmin_enqueue_scriptscustom-colors.php:20

actioninitcustom-colors.php:222

actionwp_headcustom-colors.php:246

actionadmin_headcustom-colors.php:280

Maintenance & Trust

Custom Colors Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedSep 8, 2016

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

Custom Colors Alternatives

Fourteen Colors

fourteen-colors

Not a big fan of green and black? Love the layout of Twenty Fourteen, but need its colors to match your brand? Don't have time to create a child …

9K No CVEs

Ultimate Colors

ultimate-colors

Change color for any element on your WordPress website without coding. Support for live preview in the Customizer.

300 No CVEs

Thirteen Colors

thirteen-colors

Thirteen Colors is the easiest way to customize the colors of the Twenty Thirteen theme.

200 No CVEs

Widget Customizer for WordPress – Free Version

asd-123-456-widget

Customize your widgets without any CSS knowledge! - Mihajlovicnenad.com

100 No CVEs

SMNTCS Nord Admin Theme

smntcs-nord-admin-theme

Adds an admin theme based on the Nord Theme color scheme.

10 No CVEs

Developer Profile

Custom Colors Developer Profile

seosbg

74 plugins · 10K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Custom Colors

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-colors/images/icon.png/wp-content/plugins/custom-colors/images/logo.png

Script Paths

wp-content/plugins/custom-colors/js/color.jswp-content/plugins/custom-colors/js/custom.js

Version Parameters

custom-colors/js/color.js?ver=custom-colors/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes

custom-colorscolor-pickers-red

HTML Comments

Site Title ColorHeader Background ColorNavigation Background ColorBody Background Color+8 more

Data Attributes

id="colorpicker

JS Globals

jQuery

FAQ