Does Central Color Palette have any unpatched vulnerabilities?

No. All known vulnerabilities in Central Color Palette have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Central Color Palette compatible with WordPress 5.3.21?

According to WordPress.org data, Central Color Palette 1.15.5 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

Is Central Color Palette compatible with PHP 5.3+?

Central Color Palette requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Central Color Palette updated?

Central Color Palette was last updated on Aug 16, 2023. Frequent updates are generally a positive security signal.

What is Central Color Palette's security score?

Central Color Palette has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Central Color Palette Security & Risk Analysis

wordpress.org/plugins/kt-tinymce-color-grid

Manage a site-wide central color palette for a uniform look'n'feel! Supports the new block editor, Theme Customizer and many themes and plug …

10K active installs v1.15.5 PHP 5.3+ WP 5.2+ Updated Aug 16, 2023

colorcustomizereditorgutenbergpalette

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Central Color Palette Safe to Use in 2026?

Generally Safe

Score 85/100

Central Color Palette has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The kt-tinymce-color-grid plugin v1.15.5 demonstrates a generally good security posture with no known vulnerabilities in its history and several positive code signals. The absence of any CVEs and the secure handling of SQL queries via prepared statements are strong indicators of diligent development practices. Furthermore, the presence of nonce and capability checks, albeit limited in number, suggests an awareness of WordPress security best practices. The plugin also avoids external HTTP requests and bundled libraries, reducing potential attack vectors.

However, the static analysis reveals some areas for concern. The low percentage of properly escaped output (41%) is a significant weakness, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if untrusted data is not handled carefully. While the taint analysis shows no critical or high-severity flows, the presence of "flows with unsanitized paths" indicates that the plugin might be susceptible to certain types of injection if user-supplied data is not adequately sanitized before being used in file operations or other sensitive contexts.

In conclusion, while kt-tinymce-color-grid v1.15.5 is built on a solid foundation with no known historical exploits and good SQL handling, the insufficient output escaping and the presence of unsanitized paths warrant attention. Addressing these issues would significantly improve the plugin's overall security and mitigate potential risks.

Key Concerns

Low percentage of properly escaped output
Flows with unsanitized paths detected

Vulnerabilities

None known

Central Color Palette Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Central Color Palette Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

25 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

41% escaped61 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

import_backup (index.php:1575)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Central Color Palette Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 40

actionplugins_loadedindex.php:159

actionafter_setup_themeindex.php:160

filterplugin_action_linksindex.php:161

filternetwork_admin_plugin_action_linksindex.php:162

filtertiny_mce_before_initindex.php:453

actionafter_wp_tiny_mceindex.php:454

actionadmin_enqueue_scriptsindex.php:459

actionadmin_print_scriptsindex.php:460

actionadmin_print_footer_scriptsindex.php:461

actioncustomize_controls_print_scriptsindex.php:462

actioncustomize_controls_print_footer_scriptsindex.php:463

actionadmin_enqueue_scriptsindex.php:467

actionacf/admin_print_scriptsindex.php:468

actionsuki/admin/dashboard/contentindex.php:472

actioncustomize_registerindex.php:473

actionwp_print_stylesindex.php:480

actionadmin_print_stylesindex.php:483

filterelementor/editor/localize_settingsindex.php:487

actionelementor/editor/after_enqueue_scriptsindex.php:489

actionelementor/editor/after_enqueue_scriptsindex.php:490

actionelementor/editor/after_enqueue_stylesindex.php:491

filtergenerate_default_color_palettesindex.php:496

actionadmin_enqueue_scriptsindex.php:497

filterocean_default_color_palettesindex.php:501

actionadmin_enqueue_scriptsindex.php:502

filterfl_builder_color_presetsindex.php:506

actionwp_enqueue_scriptsindex.php:507

filterhestia_accent_color_paletteindex.php:515

actionadmin_enqueue_scriptsindex.php:519

filtermegamenu_spectrum_localisationindex.php:523

filterastra_color_palettesindex.php:528

actionadmin_enqueue_scriptsindex.php:529

filterastra_color_palettesindex.php:531

filterpre_option_oxygen_vsb_global_colorsindex.php:536

actionwp_enqueue_scriptsindex.php:537

actionwp_headindex.php:684

actionadmin_print_stylesindex.php:685

actionadmin_enqueue_scriptsindex.php:1290

filterremovable_query_argsindex.php:1291

actionkt_add_luma_transformationindex.php:1292

Maintenance & Trust

Central Color Palette Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedAug 16, 2023

PHP min version5.3

Downloads442K

Community Trust

Rating98/100

Number of ratings57

Active installs10K

Alternatives

Central Color Palette Alternatives

Block Editor Colors

block-editor-colors

100

Change Gutenberg block editor colors or create new ones.

3K No CVEs

Custom Color Palette for Gutenberg

custom-color-palette

A small and simple plugin to adjust the default color palette of the new WordPress Gutenberg Editor.

1K No CVEs

Editor Custom Color Palette

editor-custom-color-palette

Personnalisez la palette de couleurs Gutenberg,la typographie,les blocs natifs, l'éditeur et l’administration WordPress,sans blocs propriétaires.

100 1 unpatched

Customify – Intuitive Website Styling

customify

100

Customify is a theme Customizer booster to easily customize Fonts, Colors, and other options for a certain WordPress theme.

10K 1 CVE

Color Palette

color-palette-block

100

Quickly create & share color palettes on your website

10 No CVEs

Developer Profile

Central Color Palette Developer Profile

Tessa (they/them), AuRise Creative

5 plugins · 10K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Central Color Palette

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/kt-tinymce-color-grid/assets/css/admin.css/wp-content/plugins/kt-tinymce-color-grid/assets/css/style.css/wp-content/plugins/kt-tinymce-color-grid/assets/js/admin.js/wp-content/plugins/kt-tinymce-color-grid/assets/js/color-grid.js

Script Paths

/wp-content/plugins/kt-tinymce-color-grid/assets/js/admin.js/wp-content/plugins/kt-tinymce-color-grid/assets/js/color-grid.js

Version Parameters

kt-tinymce-color-grid/assets/css/admin.css?ver=kt-tinymce-color-grid/assets/css/style.css?ver=kt-tinymce-color-grid/assets/js/admin.js?ver=kt-tinymce-color-grid/assets/js/color-grid.js?ver=

HTML / DOM Fingerprints

CSS Classes

kt-color-grid-wrapperkt-color-grid-inputkt-color-grid-output

HTML Comments

Data Attributes

data-kt-color-grid-iddata-kt-color-grid-options

JS Globals

kt_color_grid_params

FAQ