Everest Toolkit Security & Risk Analysis

wordpress.org/plugins/everest-toolkit

An essential toolkit for themes made by everestthemes (everestthemes.com). Everest Toolkit helps you set up your website or blog faster.

2K active installs · v1.2.3 · PHP 5.6+ · WP 4.8.0+ · Updated Jul 3, 2023
Tags: content, demo, everestthemes, menus, widgets

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Everest Toolkit Safe to Use in 2026?

Generally Safe

Score 85/100

Everest Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2 years ago
Risk Assessment

The security posture of Everest Toolkit v1.2.3 shows a mix of good practices and specific areas of concern. The plugin demonstrates a strong adherence to output escaping and uses prepared statements for a significant majority of its SQL queries. The absence of known vulnerabilities and CVEs in its history is a positive indicator, suggesting a generally well-maintained codebase.

However, the static analysis reveals a critical weakness in its attack surface. One of the three AJAX handlers lacks proper authentication checks, making it a potential entry point for unauthorized actions. Additionally, the presence of the `unserialize` function, especially when combined with user-controlled input (implied by the taint analysis, which reports one flow with an unsanitized path), poses a significant risk of object injection vulnerabilities. While the taint analysis did not flag critical or high-severity issues directly, the single flow with an unsanitized path is a strong signal of potential exploitability, particularly when coupled with the `unserialize` call.

In conclusion, Everest Toolkit v1.2.3 has a good foundation with proper escaping and SQL practices, and a clean vulnerability history. Nevertheless, the unprotected AJAX handler and the potential for object injection through unserialization are serious weaknesses that require immediate attention. These issues present a tangible risk that could be exploited by attackers.

Key Concerns

  • AJAX handler without auth checks
  • Presence of unserialize function
  • Flow with unsanitized paths
Vulnerabilities (none known)

Everest Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis (analyzed Mar 16, 2026)

Everest Toolkit Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (5 prepared)
Unescaped Output: 15 (384 escaped)
Nonce Checks: 6
Capability Checks: 3
File Operations: 8
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = unserialize( $raw );` (includes\demo-importer\importer\class-et-importer-customizer-importer.php:51)

SQL Query Safety

71% prepared (7 total queries)

Output Escaping

96% escaped (399 total outputs)
Data Flows (1 unsanitized)

Data Flow Analysis

2 flows, 1 with unsanitized paths
  • everest_toolkit_notify_notice_message (includes\notice\notify.php:127)
Diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface (1 unprotected)

Everest Toolkit Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers (3)

  • auth · wp_ajax_ET_import_demo_data · includes\demo-importer\class-et-main.php:43
  • auth · wp_ajax_tt_about_action_dismiss_recommended_action · includes\theme-info\class-theme-info.php:187
  • nopriv · wp_ajax_tt_about_action_dismiss_recommended_action · includes\theme-info\class-theme-info.php:188
WordPress Hooks (77)

  • action · init · admin\class-everest-toolkit-admin.php:56
  • action · admin_notices · admin\class-everest-toolkit-admin.php:57
  • action · admin_footer · admin\stats\class-stats.php:76
  • action · plugins_loaded · includes\class-everest-toolkit.php:152
  • action · admin_enqueue_scripts · includes\class-everest-toolkit.php:174
  • action · admin_enqueue_scripts · includes\class-everest-toolkit.php:175
  • action · wp_enqueue_scripts · includes\class-everest-toolkit.php:189
  • action · wp_enqueue_scripts · includes\class-everest-toolkit.php:190
  • filter · et-demo-content-import · includes\demo-importer\admin\class-et-admin-demo-config.php:15
  • action · et-after-demo-content-import · includes\demo-importer\admin\class-et-admin-demo-config.php:16
  • action · admin_notices · includes\demo-importer\admin\class-et-admin.php:19
  • action · init · includes\demo-importer\class-et-ajax.php:14
  • action · template_redirect · includes\demo-importer\class-et-ajax.php:15
  • action · admin_menu · includes\demo-importer\class-et-main.php:41
  • action · admin_enqueue_scripts · includes\demo-importer\class-et-main.php:42
  • action · after_setup_theme · includes\demo-importer\class-et-main.php:44
  • filter · wxr_importer.pre_process.user · includes\demo-importer\class-et-main.php:509
  • filter · wxr_importer.pre_process.post · includes\demo-importer\class-et-main.php:512
  • filter · intermediate_image_sizes_advanced · includes\demo-importer\class-et-main.php:516
  • action · after_setup_theme · includes\demo-importer\class-everestthemes-demo-importer.php:98
  • action · init · includes\demo-importer\class-everestthemes-demo-importer.php:99
  • filter · import_post_meta_key · includes\demo-importer\importer\class-et-importer-wxr-importer.php:337
  • filter · http_request_timeout · includes\demo-importer\importer\class-et-importer-wxr-importer.php:338
  • action · plugins_loaded · includes\elementor\arya-multipurpose\class-elementor-extension.php:52
  • action · elementor/elements/categories_registered · includes\elementor\arya-multipurpose\class-elementor-extension.php:71
  • action · elementor/widgets/widgets_registered · includes\elementor\arya-multipurpose\class-elementor-extension.php:72
  • action · admin_notices · includes\functions.php:58
  • action · admin_init · includes\functions.php:60
  • action · admin_notices · includes\functions.php:67
  • action · admin_init · includes\functions.php:69
  • action · admin_notices · includes\functions.php:76
  • action · admin_init · includes\functions.php:78
  • action · admin_notices · includes\functions.php:85
  • action · admin_init · includes\functions.php:87
  • action · admin_notices · includes\functions.php:96
  • action · admin_init · includes\functions.php:98
  • action · admin_notices · includes\functions.php:105
  • action · admin_init · includes\functions.php:107
  • action · admin_notices · includes\functions.php:114
  • action · admin_init · includes\functions.php:116
  • action · admin_notices · includes\functions.php:123
  • action · admin_init · includes\functions.php:125
  • action · admin_notices · includes\functions.php:132
  • action · admin_init · includes\functions.php:134
  • action · admin_notices · includes\functions.php:141
  • action · admin_init · includes\functions.php:143
  • action · admin_notices · includes\functions.php:149
  • action · admin_init · includes\functions.php:151
  • action · admin_notices · includes\functions.php:157
  • action · admin_init · includes\functions.php:159
  • action · admin_notices · includes\functions.php:165
  • action · admin_init · includes\functions.php:167
  • action · admin_notices · includes\functions.php:173
  • action · admin_init · includes\functions.php:175
  • action · everest_toolkit_load_theme_info_demo · includes\functions.php:180
  • action · admin_notices · includes\notice\notify.php:37
  • action · admin_enqueue_scripts · includes\notice\notify.php:40
  • action · admin_init · includes\notice\notify.php:45
  • action · admin_menu · includes\theme-info\class-theme-info.php:184
  • action · load-themes.php · includes\theme-info\class-theme-info.php:185
  • action · admin_enqueue_scripts · includes\theme-info\class-theme-info.php:186
  • filter · et_admin_ajax_filter_localized_data · includes\theme-info\class-theme-info.php:189
  • action · admin_notices · includes\theme-info\class-theme-info.php:390
  • action · after_setup_theme · includes\theme-info\configs\arya-multipurpose-config.php:213
  • action · after_setup_theme · includes\theme-info\configs\everest-news-config.php:213
  • action · after_setup_theme · includes\theme-info\configs\everest-news-lite-config.php:213
  • action · after_setup_theme · includes\theme-info\configs\grace-mag-config.php:204
  • action · after_setup_theme · includes\theme-info\configs\grace-mag-pro-config.php:179
  • action · after_setup_theme · includes\theme-info\configs\gucherry-blog-config.php:204
  • action · after_setup_theme · includes\theme-info\configs\gucherry-blog-pro-config.php:179
  • action · after_setup_theme · includes\theme-info\configs\gucherry-lite-config.php:204
  • action · after_setup_theme · includes\theme-info\configs\influence-blog-config.php:204
  • action · after_setup_theme · includes\theme-info\configs\influence-blog-pro-config.php:179
  • action · after_setup_theme · includes\theme-info\configs\mocho-blog-config.php:211
  • action · after_setup_theme · includes\theme-info\configs\sports-highlight-config.php:212
  • action · after_setup_theme · includes\theme-info\configs\ultra-lite-blog-config.php:211
  • action · after_setup_theme · includes\theme-info\configs\viable-blog-config.php:211
Maintenance & Trust

Everest Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Jul 3, 2023
PHP min version: 5.6
Downloads: 71K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 2K
Developer Profile

Everest Toolkit Developer Profile

everestthemes

5 plugins · 8K total installs

Trust score: 75
Avg Security Score: 73/100
Avg Patch Time: 13 days
Detection Fingerprints

How We Detect Everest Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/everest-toolkit/admin/css/everest-toolkit-admin.css
  • /wp-content/plugins/everest-toolkit/admin/js/everest-toolkit-admin.js
Script Paths
  • /wp-content/plugins/everest-toolkit/admin/js/everest-toolkit-admin.js
Version Parameters
  • everest-toolkit/admin/css/everest-toolkit-admin.css?ver=
  • everest-toolkit/admin/js/everest-toolkit-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • everest_toolkit-consent-notice
  • consent-header
  • consent-body
  • consent-footer
Data Attributes
  • id="everest_toolkit-consent-notice"
  • name="everest_toolkit_consent_optin"
  • name="everest_toolkit_consent_skip"
FAQ

Frequently Asked Questions about Everest Toolkit