Kenta Companion Security & Risk Analysis

wordpress.org/plugins/kenta-companion

Kenta Companion is an extension to the Kenta theme. It provides a lot of features and one-click demo import for Kenta Theme.

2K active installs · v1.3.3 · PHP 7.4+ · WP 5.4+ · Updated Dec 18, 2025
Tags: widget, widgets
Score: 78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Jan 8, 2026
Safety Verdict

Is Kenta Companion Safe to Use in 2026?

Mostly Safe

Score 78/100

Kenta Companion is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jan 8, 2026 · Updated 3mo ago
Risk Assessment

The kenta-companion plugin v1.3.3 exhibits a mixed security posture. On the positive side, its static analysis reveals a commendably small attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events without authentication checks. Furthermore, all identified SQL queries are properly prepared, and a good number of capability checks and nonce checks are in place. However, the presence of the `unserialize` function is a significant concern, as it can be a vector for remote code execution if used with untrusted input. While taint analysis shows no flows with unsanitized paths, this doesn't mitigate the inherent risk of `unserialize` itself.

The vulnerability history presents a clear pattern of past security issues, specifically a medium-severity Cross-Site Request Forgery (CSRF) vulnerability that was last patched (or discovered) in 2026. The fact that one CVE is currently unpatched is a critical warning sign, even if it's categorized as medium severity. This suggests a potential for past vulnerabilities to resurface or that the plugin maintainers may not be consistently addressing security flaws promptly. The overall conclusion is that while the plugin has strengths in limiting its direct attack surface, the presence of a dangerous function like `unserialize` and an unpatched historical vulnerability necessitate careful consideration and vigilance.

Key Concerns

  • Unpatched CVE found
  • Dangerous function: unserialize used
  • Bundled library (Freemius v1.0) may be outdated
Vulnerabilities: 1

Kenta Companion Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-27090 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Kenta Companion <= 1.3.3 - Cross-Site Request Forgery

Jan 8, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Kenta Companion Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 29 (80 escaped)
Nonce Checks: 2
Capability Checks: 9
File Operations: 13
External Requests: 3
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$data = unserialize( $raw );` · src\DemoImporter\CustomizerImporter.php:88

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

73% escaped · 109 total outputs
Attack Surface

Kenta Companion Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 31

action · admin_enqueue_scripts · kenta-companion.php:72
action · admin_notices · kenta-companion.php:77
action · plugins_loaded · kenta-companion.php:99
action · wp_enqueue_scripts · src\Core\Extensions.php:27
action · customize_preview_init · src\Core\Extensions.php:28
action · kcmp/after_bootstrap · src\Core\KentaCompanion.php:18
action · rest_api_init · src\Core\KentaCompanion.php:21
action · admin_menu · src\Core\KentaCompanion.php:22
action · kcmp/show_admin_setup_page · src\Core\KentaCompanion.php:23
action · admin_action_kcmp_deactivate_classic_editor · src\Core\KentaCompanion.php:24
filter · kenta_admin_page_url · src\Core\KentaCompanion.php:25
filter · kenta_admin_page_tabs · src\Core\KentaCompanion.php:26
filter · kenta_admin_page_customizer_items · src\Core\KentaCompanion.php:27
action · kcmp/template_imported · src\Core\KentaCompanion.php:38
action · admin_notices · src\Core\KentaCompanion.php:41
action · current_screen · src\Core\KentaCompanion.php:45
action · init · src\Core\KentaCompanion.php:47
filter · import_post_meta_key · src\DemoImporter\ContentImporter\WXRImporter.php:81
filter · http_request_timeout · src\DemoImporter\ContentImporter\WXRImporter.php:82
action · kcmp/template_imported · src\DemoImporter\Demos.php:40
filter · kcmp/customizer_import_settings · src\DemoImporter\Demos.php:41
action · kenta_header_builder_initialized · src\Extensions\Builder.php:12
action · kenta_footer_builder_initialized · src\Extensions\Builder.php:13
filter · kenta_global_section_controls · src\Extensions\CookiesConsent.php:31
filter · kenta_action_after · src\Extensions\CookiesConsent.php:33
filter · kenta_filter_dynamic_css · src\Extensions\CookiesConsent.php:35
filter · kenta_global_section_controls · src\Extensions\CustomFonts.php:11
filter · kenta_customizer_call_to_actions · src\Extensions\Reset.php:8
action · customize_register · src\Extensions\Reset.php:9
action · kenta_after_lotta_framework_bootstrap · src\Extensions\Reset.php:10
action · admin_action_kcmp_reset_customizer_options · src\Extensions\Reset.php:11
Maintenance & Trust

Kenta Companion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 18, 2025
PHP min version: 7.4
Downloads: 66K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 2K
Developer Profile

Kenta Companion Developer Profile

WP Moose

25 plugins · 14K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 147 days
Detection Fingerprints

How We Detect Kenta Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kenta-companion/assets/css/kenta-admin.css
/wp-content/plugins/kenta-companion/assets/css/kenta-admin.min.css
/wp-content/plugins/kenta-companion/assets/js/kenta-admin.js
/wp-content/plugins/kenta-companion/assets/js/kenta-admin.min.js
Script Paths
/wp-content/plugins/kenta-companion/vendor/autoload.php
Version Parameters
kenta-companion/style.css?ver=
kenta-companion/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
kenta-companion-admin-wrap
Data Attributes
data-kenta-companion
JS Globals
KentaCompanion
REST Endpoints
/wp-json/kenta-companion/v1/demos