WP-Safety

Customize Plus Security & Risk Analysis

wordpress.org/plugins/customize-plus

Enhance and extend the WordPress Customize in your themes.

0 active installs v1.1.1 PHP 5.2.4+ WP 4.9.4+ Updated Unknown
customizeroptions-frameworktheme
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Customize Plus Safe to Use in 2026?

Generally Safe

Score 100/100

Customize Plus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The customize-plus plugin v1.1.1 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified vulnerabilities in its history, coupled with a clean static analysis report, suggests a well-maintained and secure codebase. The plugin demonstrates good security practices by implementing capability checks and a high percentage of properly escaped output, indicating a commitment to preventing common web vulnerabilities. There are no identified dangerous functions, SQL injection risks, file operations, or external HTTP requests, which are all positive indicators. The lack of identified taint flows further reinforces its secure nature. The minimal attack surface, with no unprotected entry points, is also a significant strength. While the data strongly suggests a secure plugin, it's important to note that static analysis is not exhaustive and real-world exploitation scenarios can sometimes reveal unforeseen issues. However, based on the available evidence, the risk associated with this plugin appears to be very low.

Vulnerabilities
None known

Customize Plus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Customize Plus Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
30 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

97% escaped31 total outputs
Attack Surface

Customize Plus Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
action_admin_menuphp\class-admin-about.php:28
actionadmin_enqueue_scriptsphp\class-admin-about.php:31
actionadmin_menuphp\class-admin.php:58
actionadmin_headphp\class-admin.php:61
actionadmin_enqueue_scriptsphp\class-admin.php:64
actionplugins_loadedphp\class-core.php:34
actioncustomize_registerphp\class-customize.php:167
actioncustomize_controls_print_stylesphp\class-customize.php:168
actioncustomize_controls_print_footer_scriptsphp\class-customize.php:169
actioncustomize_controls_print_footer_scriptsphp\class-customize.php:170
actioncustomize_controls_enqueue_scriptsphp\class-customize.php:171
actioncustomize_preview_initphp\class-customize.php:172
actionkkcp_activationphp\class-requirements.php:77
actionkkcp_activationphp\class-requirements.php:78
actionadmin_initphp\class-requirements.php:80
actionadmin_noticesphp\class-requirements.php:142
actionafter_setup_themephp\class-theme.php:135
Maintenance & Trust

Customize Plus Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedUnknown
PHP min version5.2.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Customize Plus Alternatives

Kirki Customizer Framework

Kirki Customizer Framework

kirki

A
100

The Ultimate Customizer Framework for WordPress Theme Developers

500K No CVEs
Redux Framework

Redux Framework

redux-framework

A
89

Redux is a simple, truly extensible, and fully responsive options framework for WordPress themes and plugins. It ships with an integrated demo.

1.0M 6 CVEs
Advanced Import: One-Click Demo Import for WordPress

Advanced Import: One-Click Demo Import for WordPress

advanced-import

A
91

Advanced Import simplifies importing demo data for WordPress sites, enabling users to import posts, pages, media, widgets, customizer settings, and Gu …

90K 1 CVE
Import / Export Customizer Settings

Import / Export Customizer Settings

astra-import-export

A
100

Astra theme customizer offers several settings for header/footer layout, sidebar and blog designs, colors, backgrounds, typography and much more.

50K 1 CVE
Astra Customizer Reset

Astra Customizer Reset

reset-astra-customizer

A
100

This plugin helps to reset customizer settings for the Astra theme in a single click.

40K No CVEs
Developer Profile

Customize Plus Developer Profile

knitkode

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Customize Plus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/customize-plus/php/../css/admin.css/wp-content/plugins/customize-plus/php/../js/admin.js
Script Paths
/wp-content/plugins/customize-plus/php/../js/admin.js
Version Parameters
customize-plus/style.css?ver=customize-plus/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
kkcp-logokkcp-titlekkcp-featureskkcp-premium
HTML Comments
<!-- <div class="kkcp-video-container"> <div class="kkcp-video"> <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/2anLjZwQg3g?rel=0&amp;showinfo=0" frameborder="0" allowfullscreen></iframe> </div> </div> --><!-- <li class="kkcp-premium"><i class="dashicons dashicons-update"></i> <b>Live Less Compiler</b> <em class="description">(Premium)</em> <p class="description">Use the power of less.js to Learn more</a></p> </li> -->
Data Attributes
data-customize-plus
FAQ

Frequently Asked Questions about Customize Plus