Front End Theme Preview Security & Risk Analysis

wordpress.org/plugins/front-end-theme-preview

Allow users to preview and/or download/buy themes on the front end

10 active installs · v1.2.2 · PHP + WP 3.0+ · Updated Feb 22, 2014
front-end, preview, theme-preview
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Front End Theme Preview Safe to Use in 2026?

Generally Safe

Score 85/100

Front End Theme Preview has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "front-end-theme-preview" plugin v1.2.2 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and the absence of external HTTP requests, several concerning signals emerge from the static analysis. The presence of the `unserialize` function four times, combined with 13 out of 14 analyzed taint flows having unsanitized paths, and 5 high-severity taint flows, indicates a significant potential for serious vulnerabilities if user-supplied data is processed by these functions without rigorous sanitization.

The vulnerability history is currently clean, with no known CVEs recorded, which is a positive indicator. However, this does not negate the risks identified in the code analysis. The lack of documented past vulnerabilities could be due to the plugin's limited adoption, infrequent security auditing, or simply good fortune, rather than inherent robust security. The plugin has a limited attack surface with no unprotected entry points, but the internal code signals about data handling are worrisome.

In conclusion, while the plugin benefits from a lack of public vulnerabilities and secure SQL practices, the heavy reliance on `unserialize` with unsanitized data inputs presents a substantial risk. The high number of unsanitized taint flows, particularly those flagged as high severity, should be a primary focus for developers to address.

Key Concerns

  • Multiple high severity taint flows
  • Many unsanitized path taint flows
  • Dangerous unserialize function used multiple times
  • Low percentage of properly escaped output
  • Limited nonce checks for entry points
Vulnerabilities
None known

Front End Theme Preview Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Front End Theme Preview Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (12 prepared)
Unescaped Output: 86 (6 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 22
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `'items' => ( isset( $_COOKIE['fetp_items'] ) && is_array( unserialize( $_COOKIE['fetp_items'] ) ) )` fetp-transact.php:102
unserialize: `'items' => ( isset( $_COOKIE['fetp_items'] ) && is_array( unserialize( $_COOKIE['fetp_items'] ) ) )` fetp-transact.php:102
unserialize: `$session_items = unserialize( $_COOKIE['fetp_items'] );` fetp-transact.php:217
unserialize: `$this->items = unserialize( $_COOKIE['fetp_items'] );` fetp-transact.php:313

SQL Query Safety

100% prepared · 12 total queries

Output Escaping

7% escaped · 92 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

14 flows · 13 with unsanitized paths
premium_download (class.fetp.php:140)
Attack Surface

Front End Theme Preview Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes 5

[fetpreview] class.fetp.php:339
[fetpdownload] class.fetp.php:340
[fetp] class.fetp.php:341
[fetpselect] class.fetp.php:342
[fetplistpremium] class.fetp.php:343
WordPress Hooks 25
action admin_menu class-fetp-admin.php:50
action admin_post_save_fetp_form class-fetp-admin.php:53
action add_meta_boxes class-fetp-admin.php:56
action add_meta_boxes class-fetp-admin.php:687
filter fetp_submit_form_metabox class-fetp-admin.php:690
filter widget_text class.fetp.php:344
action admin_menu fetp-admin.php:8
action admin_enqueue_scripts fetp-admin.php:477
action admin_footer fetp-admin.php:562
action wp_head fetp-transact.php:531
filter wp_mail_content_type fetp-transact.php:713
action widgets_init fetp-widgets.php:217
filter stylesheet fetp.php:177
filter template fetp.php:178
action wp_head fetp.php:181
action setup_theme fetp.php:184
filter show_admin_bar fetp.php:253
action wp fetp.php:259
action fetp_action fetp.php:336
action fetp_action fetp.php:359
action wp_enqueue_scripts fetp.php:373
action wp_head fetp.php:376
action wp fetp.php:473
filter plugin_action_links fetp.php:504
filter plugin_row_meta fetp.php:515
Maintenance & Trust

Front End Theme Preview Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Feb 22, 2014
PHP min version
Downloads: 5K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 10
Developer Profile

Front End Theme Preview Developer Profile

Harvey J

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Front End Theme Preview

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/front-end-theme-preview/fetp.css
/wp-content/plugins/front-end-theme-preview/fetp-admin.css
Script Paths
/wp-content/plugins/front-end-theme-preview/fetp.js
Version Parameters
front-end-theme-preview/fetp.css?ver=
front-end-theme-preview/fetp.js?ver=

HTML / DOM Fingerprints

CSS Classes
fetp-bar, fetp-bar-wrap, fetp-control, fetp-button, fetp-title, fetp-arrow, details-tab, fetp-hidden, +5 more
HTML Comments
/*
 * Plugin Name: Front End Theme Preview
 * Plugin URI: http://upthatalley.com/
 * Description: This plugins allows you to preview your themes or to allow users to preview a theme on the front end (before they can download it). It renders a different theme for the user on your site without changing the 'default' theme.
 * Version: 1.2.2
 * Author: Harvey J
 * Author URI: http://upthatalley.wordpress.com/about
 */
<!-- Preview Toolbar -->
<!-- Check if we're in preview -->
<!-- Hide the admin bar when in preview -->
+1 more
Data Attributes
fetp-preview-session
JS Globals
fetp
FAQ

Frequently Asked Questions about Front End Theme Preview