WP-Safety

MDC Theme Switcher Security & Risk Analysis

wordpress.org/plugins/mdc-theme-switcher

Allow visitors to choose and preview from available themes from front-end. Different themes for different visitors simultaneously!

10 active installs v3.1.0 PHP + WP 3.0.1+ Updated Apr 11, 2016
activatechangefront-endpreviewtheme
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MDC Theme Switcher Safe to Use in 2026?

Generally Safe

Score 85/100

MDC Theme Switcher has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The "mdc-theme-switcher" v3.1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerabilities or CVEs, suggesting a historically stable and secure codebase. There are no file operations or external HTTP requests, further limiting potential attack vectors. However, significant concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks, creating a substantial risk of unauthorized actions. Additionally, a concerning signal is the presence of the `create_function` dangerous function, which can lead to code injection vulnerabilities if not handled with extreme care. The low percentage of properly escaped output (23%) is another significant weakness, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function detected (create_function)
  • Low percentage of properly escaped output
  • No nonce checks on AJAX
  • No capability checks on AJAX
Vulnerabilities
None known

MDC Theme Switcher Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

MDC Theme Switcher Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
23
7 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_function$callback = create_function('', 'echo "'.str_replace('"', '\"', $section['desc']).'";');admin\class.settings-api.php:108

Output Escaping

23% escaped30 total outputs
Attack Surface
2 unprotected

MDC Theme Switcher Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_mdc_change_thememdc-theme-switcher.php:42
noprivwp_ajax_mdc_change_thememdc-theme-switcher.php:43

Shortcodes 1

[mdc_theme_switcher] mdc-theme-switcher.php:46
WordPress Hooks 10
actionadmin_enqueue_scriptsadmin\class.settings-api.php:30
actionadmin_initadmin\mdc-theme-switcher-settings.php:18
actionadmin_menuadmin\mdc-theme-switcher-settings.php:19
actionafter_switch_thememdc-theme-switcher.php:33
actionplugins_loadedmdc-theme-switcher.php:34
actionwp_headmdc-theme-switcher.php:35
actionwp_footermdc-theme-switcher.php:38
actionwp_headmdc-theme-switcher.php:39
actionwp_enqueue_scriptsmdc-theme-switcher.php:41
actionwidget_textmdc-theme-switcher.php:45
Maintenance & Trust

MDC Theme Switcher Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedApr 11, 2016
PHP min version
Downloads6K

Community Trust

Rating70/100
Number of ratings13
Active installs10
Alternatives

MDC Theme Switcher Alternatives

Theme Switcher Reloaded

Theme Switcher Reloaded

theme-switcher-reloaded

C
63

Theme Switcher Reloaded is an updated and much improved version of the original Theme Switcher. Comes with a widget and can also switch themes via URL …

100 1 unpatched
PWD Theme Switcher

PWD Theme Switcher

pwd-theme-switcher

A
85

Change theme to see your changes without saving it just for your session.

60 No CVEs
Front End Theme Preview

Front End Theme Preview

front-end-theme-preview

A
85

Allow users to preview and/or download/buy themes on the front end

10 No CVEs
Theme Switcha – Easily Switch Themes for Development and Testing

Theme Switcha – Easily Switch Themes for Development and Testing

theme-switcha

A
98

Easily switch between themes for development and testing.

7K 2 CVEs
WP Theme Changelogs

WP Theme Changelogs

wp-theme-changelogs

A
85

Adding changelogs for themes hosted on wordpress.org by parsing their readme.txt

1K No CVEs
Developer Profile

MDC Theme Switcher Developer Profile

Nazmul Ahsan

6 plugins · 180 total installs

84
trust score
Avg Security Score
86/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MDC Theme Switcher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mdc-theme-switcher/assets/css/style.css/wp-content/plugins/mdc-theme-switcher/assets/js/script.js/wp-content/plugins/mdc-theme-switcher/assets/img/icon.png
Script Paths
/wp-content/plugins/mdc-theme-switcher/assets/js/script.js
Version Parameters
mdc-theme-switcher/assets/css/style.css?ver=mdc-theme-switcher/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
mdc-theme-switchermdc-position-topmdc-position-bottommdc-rowmdc-site-titlemdc-themes-listmdc-choose-thememdc-dev-credit+2 more
HTML Comments
<![CDATA[]]>check either from backend@since 3.1.0
Data Attributes
data-themedata-optiondata-default-themedata-enable-sticky-bardata-sticky-bar-positiondata-hide-site-title+4 more
JS Globals
ajaxurl
Shortcode Output
<select class="mdc-choose-theme">
FAQ

Frequently Asked Questions about MDC Theme Switcher