DXP ToolKit Security & Risk Analysis

wordpress.org/plugins/dxp-toolkit

Boost conversions by engaging your audience with DXP ToolKit's no-code personalization for digital experiences!

10 active installs · v2.0.1 · PHP 7.4.0+ · WP 5.0.0+ · Updated Dec 9, 2025
Tags: conditional-content, dynamic-content, personalization, segmentation, user-segmentation
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DXP ToolKit Safe to Use in 2026?

Generally Safe

Score 100/100

DXP ToolKit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The dxp-toolkit v2.0.1 plugin exhibits a generally strong security posture, with excellent adherence to best practices such as robust output escaping (98%) and a high percentage of prepared SQL statements (88%). The absence of known CVEs and a history free of past vulnerabilities are positive indicators. The plugin also demonstrates good use of security mechanisms, with nonce and capability checks implemented on most entry points.

However, the analysis does reveal some areas of concern. The presence of two taint flows with unsanitized paths, classified as high severity, warrants attention. While these are not yet confirmed vulnerabilities, they represent potential pathways for attackers to inject malicious code or data. Additionally, the plugin relies on the Guzzle bundled library, which could pose a risk if it is outdated or contains known vulnerabilities not yet patched within the plugin itself.

Overall, dxp-toolkit appears to be well-developed from a security perspective, but the identified taint flows and bundled library dependency require further investigation and potential remediation to ensure a truly secure implementation.

Key Concerns

  • High severity taint flow with unsanitized path
  • High severity taint flow with unsanitized path
  • Bundled library Guzzle, potential for outdated version
Vulnerabilities
None known

DXP ToolKit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

DXP ToolKit Release Timeline

v2.0.1 (Current)
v2.0.0
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

DXP ToolKit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (23 prepared)
Unescaped Output: 10 (536 escaped)
Nonce Checks: 6
Capability Checks: 8
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

88% prepared · 26 total queries

Output Escaping

98% escaped · 546 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
extra_tablenav (includes/PersonaRulesTable.php:326)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

DXP ToolKit Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

auth wp_ajax_toggle_condition_status (includes/DXPToolKitCustomPostStatus.php:14)
auth wp_ajax_persona_rules_performance_admin_table_update (includes/PersonalizationHandler.php:81)
auth wp_ajax_dxptk_engine (includes/PersonalizationHandler.php:90)
nopriv wp_ajax_dxptk_engine (includes/PersonalizationHandler.php:91)
auth wp_ajax_dxptk_trigger_rules (includes/PersonalizationHandler.php:93)
nopriv wp_ajax_dxptk_trigger_rules (includes/PersonalizationHandler.php:94)
auth wp_ajax_dxptk_fetch_rules_data (includes/PersonalizationHandler.php:96)
WordPress Hooks 48
action admin_enqueue_scripts (includes/Admin/Admin.php:55)
action admin_enqueue_scripts (includes/Admin/Admin.php:56)
action enqueue_block_assets (includes/Admin/Admin.php:57)
action admin_init (includes/Admin/Admin.php:58)
filter submenu_file (includes/Admin/Admin.php:155)
action admin_init (includes/Admin/AdminSettings.php:52)
action admin_init (includes/Admin/AdminSettings.php:53)
action admin_notices (includes/Admin/AdminSettings.php:280)
action rest_api_init (includes/Analytics/AnalyticsTracker.php:34)
action dxp_toolkit_condition_track_check (includes/Analytics/AnalyticsTracker.php:36)
action dxp_toolkit_condition_track_trigger (includes/Analytics/AnalyticsTracker.php:37)
action post_updated (includes/Analytics/AnalyticsTracker.php:40)
action update_postmeta (includes/Analytics/AnalyticsTracker.php:43)
action updated_postmeta (includes/Analytics/AnalyticsTracker.php:44)
action trashed_post (includes/Analytics/AnalyticsTracker.php:45)
action trashed_post (includes/Analytics/AnalyticsTracker.php:46)
action dxp_toolkit_update_rule (includes/Analytics/RuleHistoryTracker.php:14)
filter fl_builder_register_settings_form (includes/BBConditions.php:48)
filter fl_builder_module_attributes (includes/BBConditions.php:49)
filter fl_builder_render_module_content (includes/BBConditions.php:50)
filter fl_builder_row_attributes (includes/BBConditions.php:51)
filter fl_builder_render_node_layers (includes/BBConditions.php:52)
action wp_enqueue_scripts (includes/ConditionsPreview.php:68)
action admin_bar_menu (includes/ConditionsPreview.php:72)
action plugins_loaded (includes/DXPToolKit.php:85)
action admin_notices (includes/DXPToolKit.php:235)
action network_admin_notices (includes/DXPToolKit.php:236)
action init (includes/DXPToolKit.php:247)
action admin_enqueue_scripts (includes/DXPToolKit.php:248)
action admin_menu (includes/DXPToolKit.php:250)
action wp_dashboard_setup (includes/DashboardWidgetManager.php:16)
action elementor/element/after_section_end (includes/ElementorConditions.php:58)
action elementor/frontend/after_render (includes/ElementorConditions.php:65)
action elementor/frontend/before_render (includes/ElementorConditions.php:66)
action elementor/element/after_section_end (includes/ElementorConditions.php:200)
action wp_enqueue_scripts (includes/PersonalizationHandler.php:68)
action wp_head (includes/PersonalizationHandler.php:69)
filter render_block (includes/PersonalizationHandler.php:71)
filter script_loader_tag (includes/PersonalizationHandler.php:73)
action clear_auth_cookie (includes/PersonalizationHandler.php:87)
action set_auth_cookie (includes/PersonalizationHandler.php:88)
action gform_after_submission (includes/PersonalizationHandler.php:99)
action rest_api_init (includes/RestController/DXPToolKitRestController.php:31)
action admin_notices (includes/Telemetry.php:70)
action admin_notices (includes/Telemetry.php:71)
action wp (includes/Telemetry.php:72)
action dxptoolkit_ping (includes/Telemetry.php:73)
action admin_init (includes/Telemetry.php:76)

Scheduled Events 1

dxptoolkit_ping
Maintenance & Trust

DXP ToolKit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 9, 2025
PHP min version: 7.4.0
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

DXP ToolKit Developer Profile

Crowd Favorite

9 plugins · 2K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 586 days
Detection Fingerprints

How We Detect DXP ToolKit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dxp-toolkit/admin/build/dxp-toolkit-admin.js
/wp-content/plugins/dxp-toolkit/admin/build/dxp-toolkit-admin.css
Script Paths
/wp-content/plugins/dxp-toolkit/admin/build/dxp-toolkit-admin.js
Version Parameters
dxp-toolkit/admin/build/dxp-toolkit-admin.js?ver=
dxp-toolkit/admin/build/dxp-toolkit-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
dxp-toolkit-settings
HTML Comments
<!-- DXP ToolKit Admin -->
<!-- End DXP ToolKit Admin -->
Data Attributes
data-dxp-toolkit-settings
JS Globals
dxpToolkitAdmin
REST Endpoints
/wp-json/dxptoolkit/v1/rulesets
/wp-json/dxptoolkit/v1/conditions
FAQ

Frequently Asked Questions about DXP ToolKit