Does Extendify have any unpatched vulnerabilities?

No. All known vulnerabilities in Extendify have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Extendify compatible with WordPress 6.9.4?

According to WordPress.org data, Extendify 2.4.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Extendify compatible with PHP 7.0+?

Extendify requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Extendify updated?

Extendify was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Extendify's security score?

Extendify has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Extendify Security & Risk Analysis

wordpress.org/plugins/extendify

The best WordPress templates, pattern, and layout library with 1,000+ designs built for the Gutenberg block editor.

500K active installs v2.4.1 PHP 7.0+ WP 6.5+ Updated Mar 5, 2026

blocksgutenberglayoutspatternstemplates

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Extendify Safe to Use in 2026?

Generally Safe

Score 100/100

Extendify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The extendify plugin v2.4.1 demonstrates a generally strong security posture based on the provided static analysis. The complete absence of unescaped output and the significant percentage of SQL queries utilizing prepared statements are excellent indicators of secure coding practices. The plugin also correctly avoids dangerous functions and appears to have limited file operations and external HTTP requests, further reducing its potential attack surface.

However, a notable concern arises from the complete lack of nonce checks. While the static analysis did not identify any direct AJAX handlers or REST API routes without authentication, the absence of nonce checks is a critical oversight. This leaves any potential future endpoints, or even current ones that might have been missed in the analysis, vulnerable to Cross-Site Request Forgery (CSRF) attacks. The plugin also has only two capability checks, which might indicate insufficient authorization controls for certain functionalities, although without knowing the specific functions, this is a less certain deduction.

The plugin's vulnerability history is remarkably clean, with no recorded CVEs. This suggests a history of responsible development and security awareness. In conclusion, extendify v2.4.1 is well-developed with strong output escaping and data sanitization practices, but the complete lack of nonce checks presents a significant, albeit potentially latent, security risk that needs immediate attention.

Key Concerns

Missing nonce checks on all entry points
Limited capability checks (2 total)

Vulnerabilities

None known

Extendify Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Extendify Code Analysis

Dangerous Functions

Raw SQL Queries

16 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

57% prepared28 total queries

Output Escaping

100% escaped16 total outputs

Attack Surface

Extendify Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 18

filterrender_block_core/navigationapp\Agent\Controllers\SiteNavigationController.php:70

actiontemplate_redirectapp\Agent\TagTemplateParts.php:20

filterrender_block_dataapp\Agent\TagTemplateParts.php:25

filterrender_blockapp\Agent\TagTemplateParts.php:27

actionenqueue_block_editor_assetsapp\Draft\Admin.php:36

filterextendify_insights_dataapp\Insights.php:86

actionwp_loginapp\Insights.php:139

actionhttp_api_curlapp\Shared\DataProvider\ResourceData.php:34

filtercontent_save_preapp\Shared\Services\Import\Post.php:105

actioninitbootstrap.php:161

filterload_script_translation_filebootstrap.php:166

filterload_textdomain_mofilebootstrap.php:174

actionplugins_loadedextendify.php:76

actionupdate_optionextendify.php:81

actioncli_initextendify.php:96

actionupgrader_process_completeextendify.php:105

actionadmin_page_access_deniedextendify.php:140

filterhttp_request_argsextendify.php:149

Scheduled Events 2

extendify_update_domains_cache

Maintenance & Trust

Extendify Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.0

Downloads11.4M

Community Trust

Rating94/100

Number of ratings10

Active installs500K

Alternatives

Extendify Alternatives

Qi Blocks

qi-blocks

Qi Blocks is the largest collection of Gutenberg blocks developed by Qode Interactive.

60K 9 CVEs

PatternsWP – Gutenberg Block Patterns & Page Templates Library

patternswp

100

Explore a library of pre-designed Gutenberg block patterns and page templates that are compatible with any WordPress block theme.

500 No CVEs

Timeline Blocks for Gutenberg

timeline-blocks

100

A beautiful timeline layout block to showcase your posts in timeline presentation.

500 No CVEs

Rocksite Kit – Kadence Blocks Patterns with Figma UI Kit

rocksite-sections

Collection of ready-to-use Gutenberg sections (block patterns) based on Kadence Blocks Library: Hero Sections, Features Sections, Call to Actions etc.

100 No CVEs

Patterns Store – Creates a store to manage and display patterns & pattern kits

patterns-store

100

Create a store to manage and display patterns, pattern kits, and theme JSON packages. Perfect for designers and developers.

20 No CVEs

Developer Profile

Extendify Developer Profile

Extendify

2 plugins · 700K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Extendify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/extendify/public/build/extendify-agent.css/wp-content/plugins/extendify/public/build/extendify-agent.js/wp-content/plugins/extendify/public/build/extendify-shared.css/wp-content/plugins/extendify/public/build/extendify-shared.js/wp-content/plugins/extendify/vendor/wp-extendify/wp-extendify-core/resources/css/inline.css

Script Paths

wp-content/plugins/extendify/public/build/extendify-agent.jswp-content/plugins/extendify/public/build/extendify-shared.js

Version Parameters

extendify/style.css?ver=extendify/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

extendify-agent-chatextendify-assistextendify-tourextendify-workflow-historywp-extendify-core

HTML Comments

Data Attributes

data-extendify-chat-targetdata-extendify-tour-targetdata-extendify-workflow-history-target

JS Globals

extendifyEXTENDIFY_BASE_URLEXTENDIFY_DEVMODEEXTENDIFY_PARTNER_ID

REST Endpoints

/wp-json/extendify/v1/chat/wp-json/extendify/v1/tour/wp-json/extendify/v1/workflow-history

Shortcode Output

[extendify_chat][extendify_tour][extendify_workflow_history]

FAQ