Does Keon Toolset have any unpatched vulnerabilities?

No. All known vulnerabilities in Keon Toolset have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Keon Toolset compatible with WordPress 6.9.4?

According to WordPress.org data, Keon Toolset 2.4.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Keon Toolset compatible with PHP 4.6+?

Keon Toolset requires PHP 4.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Keon Toolset updated?

Keon Toolset was last updated on Jan 7, 2026. Frequent updates are generally a positive security signal.

What is Keon Toolset's security score?

Keon Toolset has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Keon Toolset Security & Risk Analysis

wordpress.org/plugins/keon-toolset

Import dummy data for themes developed by Keon Themes.

30K active installs v2.4.5 PHP 4.6+ WP 4.6+ Updated Jan 7, 2026

demo-datademo-data-importerone-click-demo-import

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Keon Toolset Safe to Use in 2026?

Generally Safe

Score 100/100

Keon Toolset has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The keon-toolset plugin v2.4.5 exhibits a generally good security posture, with a notable absence of known vulnerabilities and a strong adherence to secure coding practices in several areas. The code analysis reveals a low attack surface with a majority of entry points secured. SQL queries are exclusively handled through prepared statements, and a high percentage of output is properly escaped, indicating diligent effort to prevent common web vulnerabilities. The plugin also demonstrates good usage of nonce and capability checks for its identified entry points.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This represents a direct pathway for unauthenticated attackers to potentially interact with the plugin's backend functionality, which could lead to unauthorized actions or information disclosure if not properly mitigated by other layers of defense within the application. The absence of reported CVEs and historical vulnerabilities is a positive indicator, suggesting a history of secure development or at least a lack of publicly discovered flaws. Nonetheless, the single unprotected AJAX endpoint is a critical oversight that warrants immediate attention.

In conclusion, while keon-toolset v2.4.5 has strong foundations in secure coding, the unprotected AJAX handler introduces a tangible risk. The plugin's historical lack of vulnerabilities is commendable, but it does not negate the immediate threat posed by the identified code weakness. Addressing this specific vulnerability is paramount to maintaining a secure environment.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Keon Toolset Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Keon Toolset Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

96% escaped53 total outputs

Attack Surface

1 unprotected

Keon Toolset Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 4

authwp_ajax_install_base_themedemo\base-install\base-install.php:17

authwp_ajax_remind_me_later_bosa_proincludes\class-bosa-pro-upgrade-notice.php:13

authwp_ajax_upgrade_bosa_pro_notice_dismissincludes\class-bosa-pro-upgrade-notice.php:14

authwp_ajax_keon_toolset_getting_startedkeon-toolset.php:63

WordPress Hooks 29

actionadmin_enqueue_scriptsdemo\base-install\base-install.php:18

actionadmin_enqueue_scriptsdemo\base-install\base-install.php:19

actionswitch_themedemo\functions.php:31

filteradvanced_export_include_optionsdemo\functions.php:32

actionadvanced_import_before_complete_screendemo\functions.php:33

filteradvanced_import_update_value_elementskit_optionsdemo\functions.php:34

actionadmin_enqueue_scriptsincludes\admin-notices.php:11

actionadmin_initincludes\admin-notices.php:71

actionadmin_initincludes\admin-notices.php:82

actionswitch_themeincludes\admin-notices.php:95

actionadmin_enqueue_scriptsincludes\class-bosa-pro-upgrade-notice.php:11

actionadmin_initincludes\class-bosa-pro-upgrade-notice.php:12

actionadmin_noticesincludes\class-bosa-pro-upgrade-notice.php:32

filtergutentor_advanced_import_templatesincludes\class-template-library-base.php:62

actioncustomize_registerincludes\theme-check-functions.php:9

actionadmin_noticesincludes\theme-check-functions.php:14

actionadmin_noticesincludes\theme-check-functions.php:19

actioncustomize_controls_enqueue_scriptsincludes\upsell.php:16

actioncustomize_registerincludes\upsell.php:26

actioncustomize_registerincludes\upsell.php:36

filterst_woo_ai_rel_products_pro_linkincludes\upsell.php:189

filteradvanced_import_demo_listskeon-toolset.php:61

filteradmin_menukeon-toolset.php:62

filteradmin_enqueue_scriptskeon-toolset.php:64

filteradmin_enqueue_scriptskeon-toolset.php:65

actionadvanced_import_replace_term_idskeon-toolset.php:66

actionadvanced_import_replace_post_idskeon-toolset.php:67

actionadvanced_import_after_complete_screenkeon-toolset.php:71

actionadvanced_import_after_content_screenkeon-toolset.php:72

Maintenance & Trust

Keon Toolset Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 7, 2026

PHP min version4.6

Downloads1.5M

Community Trust

Rating0/100

Number of ratings0

Active installs30K

Alternatives

Keon Toolset Alternatives

Blockskit

blockskit

100

An easy plugin to import starter sites and add different effects to the image.

8K No CVEs

Kortez Toolset

kortez-toolset

Import dummy data for themes developed by Kortez Themes.

1K No CVEs

Blockskit Import

blockskit-import

A easy plugin to import starter sites.

100 No CVEs

Cyclone Demo Importer

cyclone-demo-importer

Import Dummy data for themes developed by Cyclone Themes.

10K No CVEs

Candid Advanced Toolset

candid-advanced-toolset

Import Dummy data for themes developed by Candid Themes.

1K No CVEs

Developer Profile

Keon Toolset Developer Profile

keonthemes

1 plugin · 30K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Keon Toolset

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/keon-toolset/demo/base-install/assets/base-install.css/wp-content/plugins/keon-toolset/demo/base-install/assets/base-install.js

Script Paths

/wp-content/plugins/keon-toolset/demo/base-install/assets/base-install.js

Version Parameters

keon-toolset/demo/base-install/assets/base-install.css?ver=keon-toolset/demo/base-install/assets/base-install.js?ver=

HTML / DOM Fingerprints

CSS Classes

kt-base-install-notice-wrapperkt-base-install-noticekt-base-install-notice-iconkt-base-install-notice-contentkt-base-install-notice-titlekt-base-install-notice-descriptionkt-base-install-buttonskt-install-theme-btn+3 more

Data Attributes

data-kt-install-themedata-kt-install-plugindata-kt-activate-plugin

JS Globals

kt_base_installdirect_install

FAQ