Does Extension Profiles have any unpatched vulnerabilities?

No. All known vulnerabilities in Extension Profiles have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Extension Profiles compatible with WordPress 6.9.4?

According to WordPress.org data, Extension Profiles 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Extension Profiles compatible with PHP 7.4+?

Extension Profiles requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Extension Profiles updated?

Extension Profiles was last updated on Feb 16, 2026. Frequent updates are generally a positive security signal.

What is Extension Profiles's security score?

Extension Profiles has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Extension Profiles Security & Risk Analysis

wordpress.org/plugins/extension-profiles

Create named profiles to quickly switch between different sets of active plugins per user session.

0 active installs v1.0.0 PHP 7.4+ WP 6.5+ Updated Feb 16, 2026

developmentprofilesswitchingtestingtroubleshooting

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Extension Profiles Safe to Use in 2026?

Generally Safe

Score 100/100

Extension Profiles has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "extension-profiles" plugin v1.0.0 demonstrates a generally good security posture with several strengths. Notably, it shows no history of known vulnerabilities (CVEs) and uses prepared statements for all SQL queries, indicating a strong defense against SQL injection. The plugin also has a high percentage of properly escaped outputs and incorporates nonce checks and capability checks, which are essential for secure WordPress development. However, there are significant concerns regarding its attack surface. The presence of two AJAX handlers without any authentication checks presents a clear risk. This means that any unauthenticated user can trigger these AJAX actions, potentially leading to unintended consequences or exploitation if the functionality is sensitive. While no critical taint flows or dangerous functions were detected in the static analysis, this lack of authentication on entry points is a substantial weakness that requires immediate attention.

Key Concerns

AJAX handlers without auth checks

Vulnerabilities

None known

Extension Profiles Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Extension Profiles Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

69 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped72 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

render_page (app\Admin\ProfileAdminPage.php:235)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Extension Profiles Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_extension_profiles_activateapp\Providers\ProfileManagerProvider.php:52

authwp_ajax_extension_profiles_deactivateapp\Providers\ProfileManagerProvider.php:56

WordPress Hooks 13

actionadmin_bar_menuapp\Admin\AdminBarMenu.php:44

actionadmin_enqueue_scriptsapp\Admin\AdminBarMenu.php:45

actionwp_enqueue_scriptsapp\Admin\AdminBarMenu.php:46

actionadd_meta_boxes_extension_profileapp\Admin\MetaBoxes\PluginSelectorMetaBox.php:49

actionsave_post_extension_profileapp\Admin\MetaBoxes\PluginSelectorMetaBox.php:50

actionadmin_noticesapp\Admin\PluginsPageNotice.php:44

actionadmin_menuapp\Admin\ProfileAdminPage.php:70

actionadmin_initapp\Admin\ProfileAdminPage.php:71

actionadmin_enqueue_scriptsapp\Providers\AdminProvider.php:60

actionadmin_initapp\Providers\MuPluginProvider.php:42

actioninitapp\Providers\ProfilePostTypeProvider.php:26

filterpre_option_active_pluginstemplates\mu-plugin.php:91

filterpre_option_active_sitewide_pluginstemplates\mu-plugin.php:92

Maintenance & Trust

Extension Profiles Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 16, 2026

PHP min version7.4

Downloads162

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Extension Profiles Alternatives

Admin Bar Tools

sf-adminbar-tools

Adds some small development tools to the admin bar.

400 No CVEs

Eli's PHP Compatibility Scanner

eli-php-compatibility-scanner

100

A comprehensive WordPress plugin that scans your plugins and themes for PHP version compatibility issues using the PHPCompatibility ruleset.

100 No CVEs

User Role Switcher

wp-user-role-switcher

Instant switching between user roles in WordPress.

100 No CVEs

Test Email Redirector

test-email-redirector

100

Redirects all outgoing WordPress emails to a specified test address for development and testing purposes.

60 No CVEs

Back To The Theme

back-to-the-theme

See a page with different themes all at once, just like that!

10 No CVEs

Developer Profile

Extension Profiles Developer Profile

David Towoju

4 plugins · 470 total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Extension Profiles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/extension-profiles/assets/css/extension-profiles.css/wp-content/plugins/extension-profiles/assets/js/extension-profiles.js

Script Paths

/wp-content/plugins/extension-profiles/assets/js/extension-profiles.js

Version Parameters

extension-profiles/assets/css/extension-profiles.css?ver=extension-profiles/assets/js/extension-profiles.js?ver=

HTML / DOM Fingerprints

CSS Classes

extension-profiles-admin-notice

Data Attributes

data-extension-profiles-plugin-file

JS Globals

ExtensionProfilesAdmin

FAQ