EmBe Core Security & Risk Analysis

wordpress.org/plugins/embe-core

Core features for the EmBe theme; this is a required plugin for this theme.

30 active installs · v2.2.1 · PHP 5.2.4+ · WP 4.2+ · Updated Sep 24, 2020
Tags: alithemes, embe-theme, magazine-theme, redux-framework
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EmBe Core Safe to Use in 2026?

Generally Safe

Score 85/100

EmBe Core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The embe-core plugin v2.2.1 exhibits a generally strong security posture with several positive indicators. All identified entry points, including AJAX handlers, are protected by authentication checks. The plugin also exclusively uses prepared statements for SQL queries and includes 9 nonce checks alongside its 7 AJAX handlers, suggesting a good level of attention to preventing common web vulnerabilities. The complete absence of known CVEs and a clean vulnerability history further bolster its perceived security.

However, there are a couple of areas that warrant attention. The presence of two `unserialize` calls is a significant concern, as unserializing untrusted data can lead to remote code execution vulnerabilities. While the static analysis didn't uncover direct exploitation paths, the potential for misuse remains. Additionally, a notable 44% of output operations are not properly escaped. This could expose the plugin to Cross-Site Scripting (XSS) vulnerabilities if the data being output is not sufficiently sanitized, especially if user-supplied data is involved. The taint analysis, while not revealing critical or high-severity issues, did show flows with unsanitized paths, which aligns with the output escaping concern.

In conclusion, embe-core v2.2.1 demonstrates good security practices in many areas, particularly concerning authentication, SQL injection prevention, and its clean vulnerability record. The primary risks lie in the potential misuse of the `unserialize` function and the significant percentage of unescaped output, which could lead to XSS vulnerabilities. Addressing these specific issues would significantly enhance the plugin's overall security.

Key Concerns

  • Dangerous function 'unserialize' used
  • Significant portion of output unescaped
  • Flows with unsanitized paths found
Vulnerabilities
None known

EmBe Core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

EmBe Core Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 0 (10 prepared)
  • Unescaped Output: 766 (969 escaped)
  • Nonce Checks: 9
  • Capability Checks: 1
  • File Operations: 21
  • External Requests: 17
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$instagram = unserialize( $instagram );` (inc\helper\helper.php:822)
  • unserialize: `return unserialize( base64_decode( $instagram ) );` (widgets\instagram.php:260)

SQL Query Safety

100% prepared · 10 total queries

Output Escaping

56% escaped · 1735 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
save_network_page (inc\redux\framework.php:581)
Attack Surface

EmBe Core Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 7

nopriv · wp_ajax_redux_p · inc\redux\inc\class.p.php:7
auth · wp_ajax_redux_p · inc\redux\inc\class.p.php:8
auth · wp_ajax_redux_hide_admin_notice · inc\redux\inc\class.redux_admin_notices.php:32
auth · wp_ajax_redux_wbc_importer · inc\redux\inc\extensions\wbc_importer\extension_wbc_importer.php:80
auth · wp_ajax_redux_wbc_importer_progress · inc\redux\inc\extensions\wbc_importer\inc\class-wbc-importer-progress.php:34
auth · wp_ajax_redux_allow_tracking · inc\redux\inc\tracking.php:510
auth · wp_ajax_redux_support_hash · inc\redux\inc\welcome\welcome.php:25

WordPress Hooks 90
action · admin_enqueue_scripts · embe-core.php:33
action · wp_enqueue_scripts · embe-core.php:41
action · load-widgets.php · embe-core.php:77
filter · manage_posts_columns · inc\helper\helper.php:534
filter · manage_posts_custom_column · inc\helper\helper.php:551
action · admin_init · inc\helper\taxonomy-meta.php:37
action · edit_term · inc\helper\taxonomy-meta.php:38
action · delete_term · inc\helper\taxonomy-meta.php:39
action · load-edit-tags.php · inc\helper\taxonomy-meta.php:40
action · admin_enqueue_scripts · inc\helper\taxonomy-meta.php:58
action · admin_head · inc\helper\taxonomy-meta.php:59
action · admin_footer · inc\helper\taxonomy-meta.php:60
action · admin_init · inc\metaboxes\metabox-category.php:56
filter · rwmb_meta_boxes · inc\metaboxes\metabox-single.php:23
action · show_user_profile · inc\metaboxes\metabox-user.php:6
action · edit_user_profile · inc\metaboxes\metabox-user.php:7
action · personal_options_update · inc\metaboxes\metabox-user.php:54
action · edit_user_profile_update · inc\metaboxes\metabox-user.php:55
action · wp_dashboard_setup · inc\redux\core\dashboard.php:13
action · redux/init · inc\redux\framework.php:30
action · admin_menu · inc\redux\framework.php:341
action · network_admin_menu · inc\redux\framework.php:345
action · admin_bar_menu · inc\redux\framework.php:349
action · admin_init · inc\redux\framework.php:355
action · admin_init · inc\redux\framework.php:360
action · admin_notices · inc\redux\framework.php:365
action · admin_init · inc\redux\framework.php:368
action · admin_enqueue_scripts · inc\redux\framework.php:372
action · wp_head · inc\redux\framework.php:378
action · wp_enqueue_scripts · inc\redux\framework.php:379
action · login_head · inc\redux\framework.php:384
action · login_enqueue_scripts · inc\redux\framework.php:385
action · admin_head · inc\redux\framework.php:390
action · admin_enqueue_scripts · inc\redux\framework.php:391
action · wp_print_scripts · inc\redux\framework.php:395
action · admin_enqueue_scripts · inc\redux\framework.php:396
action · admin_bar_menu · inc\redux\framework.php:404
action · admin_head · inc\redux\framework.php:1735
filter · admin_footer_text · inc\redux\framework.php:1738
action · after_setup_theme · inc\redux\inc\class.redux_api.php:47
action · init · inc\redux\inc\class.redux_api.php:48
action · switch_theme · inc\redux\inc\class.redux_api.php:49
action · redux/construct · inc\redux\inc\class.redux_instances.php:60
action · customize_register · inc\redux\inc\extensions\customizer\extension_customizer.php:113
action · wp_head · inc\redux\inc\extensions\customizer\extension_customizer.php:118
action · customize_save_after · inc\redux\inc\extensions\customizer\extension_customizer.php:122
action · customize_controls_print_scripts · inc\redux\inc\extensions\customizer\extension_customizer.php:125
action · customize_controls_init · inc\redux\inc\extensions\customizer\extension_customizer.php:127
filter · upload_mimes · inc\redux\inc\extensions\import_export\extension_import_export.php:97
action · wp_import_posts · inc\redux\inc\extensions\wbc_importer\inc\class-wbc-importer-progress.php:36
action · add_attachment · inc\redux\inc\extensions\wbc_importer\inc\class-wbc-importer-progress.php:38
action · edit_attachment · inc\redux\inc\extensions\wbc_importer\inc\class-wbc-importer-progress.php:39
action · wp_insert_post · inc\redux\inc\extensions\wbc_importer\inc\class-wbc-importer-progress.php:40
filter · wp_import_post_data_raw · inc\redux\inc\extensions\wbc_importer\inc\class-wbc-importer-progress.php:43
filter · add_post_metadata · inc\redux\inc\extensions\wbc_importer\inc\importer\radium-importer.php:86
action · import_end · inc\redux\inc\extensions\wbc_importer\inc\importer\radium-importer.php:88
filter · import_post_meta_key · inc\redux\inc\extensions\wbc_importer\inc\importer\wordpress-importer.php:105
filter · http_request_timeout · inc\redux\inc\extensions\wbc_importer\inc\importer\wordpress-importer.php:106
filter · redux/font-icons · inc\redux\inc\fields\select\elusive-icons.php:312
action · admin_enqueue_scripts · inc\redux\inc\themecheck\class.redux_themecheck.php:74
action · admin_enqueue_scripts · inc\redux\inc\themecheck\class.redux_themecheck.php:75
action · themecheck_checks_loaded · inc\redux\inc\themecheck\class.redux_themecheck.php:77
action · themecheck_checks_loaded · inc\redux\inc\themecheck\class.redux_themecheck.php:78
action · admin_enqueue_scripts · inc\redux\inc\tracking.php:81
action · admin_enqueue_scripts · inc\redux\inc\tracking.php:83
action · redux_tracking · inc\redux\inc\tracking.php:100
action · admin_print_footer_scripts · inc\redux\inc\tracking.php:110
action · admin_print_footer_scripts · inc\redux\inc\tracking.php:119
filter · redux/tracking/options · inc\redux\inc\tracking.php:486
action · init · inc\redux\inc\validation\unique_slug\validation_unique_slug.php:60
action · redux/loaded · inc\redux\inc\welcome\welcome.php:23
action · admin_menu · inc\redux\inc\welcome\welcome.php:35
filter · admin_footer_text · inc\redux\inc\welcome\welcome.php:41
action · admin_head · inc\redux\inc\welcome\welcome.php:42
action · init · inc\redux\inc\welcome\welcome.php:93
action · admin_menu · inc\theme_options.php:111
action · widgets_init · widgets\about.php:6
action · widgets_init · widgets\advs.php:6
action · widgets_init · widgets\categories_tabs.php:6
action · init · widgets\categories_tabs.php:23
action · wp_enqueue_scripts · widgets\categories_tabs.php:24
action · admin_enqueue_scripts · widgets\categories_tabs.php:25
action · widgets_init · widgets\comments.php:6
action · widgets_init · widgets\instagram.php:6
action · widgets_init · widgets\last_posts.php:6
action · widgets_init · widgets\posts_aside.php:6
action · widgets_init · widgets\posts_carausel.php:6
action · widgets_init · widgets\post_modules.php:6
action · widgets_init · widgets\tags.php:6
action · widgets_init · widgets\twitter.php:6

Scheduled Events 1

redux_tracking
Maintenance & Trust

EmBe Core Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Sep 24, 2020
PHP min version: 5.2.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 30
Developer Profile

EmBe Core Developer Profile

Alithemes

3 plugins · 150 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect EmBe Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/embe-core/assets/style.css
/wp-content/plugins/embe-core/assets/metabox.scripts.js
/wp-content/plugins/embe-core/assets/front-style.css
Script Paths
/wp-content/plugins/embe-core/assets/metabox.scripts.js
Version Parameters
embe-core/assets/style.css?ver=
embe-core/assets/metabox.scripts.js?ver=
embe-core/assets/front-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
rwtm-uploaded, rwtm-files, rwtm-images, rwtm-images li, rwtm-images img, rwtm-images a, rwtm-delete-file, rwtm-file-upload, +1 more
Data Attributes
enctype="multipart/form-data"
JS Globals
wp.media, $