Does Microthemer Lite – Visual Editor to Customize CSS have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Microthemer Lite – Visual Editor to Customize CSS compatible with WordPress 6.9.4?

According to WordPress.org data, Microthemer Lite – Visual Editor to Customize CSS 7.5.3.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Microthemer Lite – Visual Editor to Customize CSS compatible with PHP 5.6+?

Microthemer Lite – Visual Editor to Customize CSS requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Microthemer Lite – Visual Editor to Customize CSS's security score?

Microthemer Lite – Visual Editor to Customize CSS has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Microthemer Lite – Visual Editor to Customize CSS Security & Risk Analysis

wordpress.org/plugins/microthemer

A visual editor to customize the CSS styling of anything on your site - from Google fonts to responsive layouts.

10K active installs v7.5.3.9 PHP 5.6+ WP 6.0+ Updated Apr 15, 2026

csscustomizegoogle-fontsresponsivevisual-editor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Microthemer Lite – Visual Editor to Customize CSS Safe to Use in 2026?

Generally Safe

Score 100/100

Microthemer Lite – Visual Editor to Customize CSS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The Microthemer plugin version 7.5.3.8 exhibits a mixed security posture. While it demonstrates some good practices such as a significant majority of SQL queries using prepared statements and a decent number of nonce and capability checks, there are several concerning areas. The presence of dangerous functions like `unserialize` and `preg_replace(/e)` warrants careful attention, especially given the taint analysis revealing two high-severity flows with unsanitized paths. The large attack surface, particularly the six unprotected AJAX handlers, presents a significant risk of unauthorized actions or data manipulation if these handlers are exploitable. The plugin's history of zero known vulnerabilities is a positive sign, suggesting a potentially mature and well-maintained codebase. However, this historical lack of vulnerabilities should not overshadow the current findings, as the static and taint analysis points to specific areas of concern that need to be addressed.

Key Concerns

Multiple unprotected AJAX handlers
Dangerous function: unserialize
Dangerous function: preg_replace(/e)
High severity taint flows
Lower percentage of properly escaped output

Vulnerabilities

None known

Microthemer Lite – Visual Editor to Customize CSS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Microthemer Lite – Visual Editor to Customize CSS Release Timeline

v5.0.0.2

Code Analysis

Analyzed Mar 16, 2026

Microthemer Lite – Visual Editor to Customize CSS Code Analysis

Dangerous Functions

Raw SQL Queries

52 prepared

Unescaped Output

396

279 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeupdate_option($this->preferencesName, unserialize($rev->preferences));src\Admin.php:4903

unserialize$rev->settings = unserialize($rev->settings);src\Admin.php:4914

unserialize$snippets = unserialize($snippets);src\Content\AdminContent.php:657

preg_replace(/e)preg_replace('/esrc\Dependencies\Minify\minify\src\JS.php:457

unserialize'preferences' => !empty($rev->preferences) ? unserialize($rev->preferences) : '',src\SettingsTrait.php:45

unserialize'snippets' => !empty($rev->snippets) ? unserialize($rev->snippets) : '',src\SettingsTrait.php:46

unserialize'settings' => $withSettings && isset($rev->settings) ? unserialize($rev->settings) : '',src\SettingsTrait.php:47

SQL Query Safety

80% prepared65 total queries

Output Escaping

41% escaped675 total outputs

Data Flows · Security

7 unsanitized

Data Flow Analysis

11 flows7 with unsanitized paths

<tvr-manage-micro-themes> (includes\tvr-manage-micro-themes.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Microthemer Lite – Visual Editor to Customize CSS Attack Surface

Entry Points7

Unprotected6

AJAX Handlers 7

authwp_ajax_mtuisrc\AdminInitTrait.php:152

noprivwp_ajax_tvra_requestsrc\AjaxPublic.php:14

authwp_ajax_tvra_requestsrc\AjaxPublic.php:15

authwp_ajax_puc_v5_debug_check_nowsrc\Content\plugin-update-checker-master\Puc\v5p5\DebugBar\Extension.php:29

authwp_ajax_puc_v5_debug_request_infosrc\Content\plugin-update-checker-master\Puc\v5p5\DebugBar\PluginExtension.php:16

authwp_ajax_puc_v5_debug_check_nowsrc\Content\plugin-update-checker-master\Puc\v5p6\DebugBar\Extension.php:29

authwp_ajax_puc_v5_debug_request_infosrc\Content\plugin-update-checker-master\Puc\v5p6\DebugBar\PluginExtension.php:16

WordPress Hooks 95

actioninitsrc\Admin.php:230

filterscript_loader_tagsrc\Admin.php:1313

actionadmin_bar_menusrc\Admin.php:5214

actionadmin_initsrc\AdminInitTrait.php:74

actionadmin_initsrc\AdminInitTrait.php:94

actionadmin_initsrc\AdminInitTrait.php:97

filtershow_admin_barsrc\AdminInitTrait.php:100

actionadmin_initsrc\AdminInitTrait.php:127

actionadmin_initsrc\AdminInitTrait.php:128

actionadmin_enqueue_scriptssrc\AdminInitTrait.php:129

actionadmin_headsrc\AdminInitTrait.php:130

actionadmin_headsrc\AdminInitTrait.php:131

actionadmin_enqueue_scriptssrc\AdminInitTrait.php:132

actionadmin_enqueue_scriptssrc\AdminInitTrait.php:136

actionwp_enqueue_mediasrc\AdminInitTrait.php:137

actionadmin_menusrc\AdminInitTrait.php:159

actionadmin_bar_menusrc\AdminInitTrait.php:166

actionadmin_initsrc\AdminInitTrait.php:178

actionadmin_noticessrc\AdminInitTrait.php:224

actionadmin_noticessrc\AdminInitTrait.php:253

filtersite_transient_update_pluginssrc\AdminInitTrait.php:463

filterplugins_api_resultsrc\AdminInitTrait.php:464

filterposts_searchsrc\AdminInitTrait.php:595

actionadmin_initsrc\AjaxPublic.php:9

actioninitsrc\AssetAuth.php:88

actionwpsrc\AssetAuth.php:93

actionadmin_bar_menusrc\AssetAuth.php:99

actionwp_print_scriptssrc\AssetAuth.php:104

actionsave_postsrc\AssetAuth.php:116

actionlogin_enqueue_scriptssrc\AssetLoad.php:231

filterstyle_loader_tagsrc\AssetLoad.php:235

filterbody_classsrc\AssetLoad.php:457

filternav_menu_css_classsrc\AssetLoad.php:466

filtertemplate_includesrc\AssetLoad.php:676

actionlogin_enqueue_scriptssrc\AssetLoad.php:701

actionwpsrc\Content\AssetLoadContent.php:57

actionshutdownsrc\Content\AssetLoadContent.php:58

filterdebug_bar_panelssrc\Content\plugin-update-checker-master\Puc\v5p5\DebugBar\Extension.php:26

actiondebug_bar_enqueue_scriptssrc\Content\plugin-update-checker-master\Puc\v5p5\DebugBar\Extension.php:27

filterupgrader_post_installsrc\Content\plugin-update-checker-master\Puc\v5p5\Plugin\Package.php:37

actiondelete_site_transient_update_pluginssrc\Content\plugin-update-checker-master\Puc\v5p5\Plugin\Package.php:38

actionadmin_initsrc\Content\plugin-update-checker-master\Puc\v5p5\Plugin\Ui.php:19

filterplugin_row_metasrc\Content\plugin-update-checker-master\Puc\v5p5\Plugin\Ui.php:26

filterplugin_row_metasrc\Content\plugin-update-checker-master\Puc\v5p5\Plugin\Ui.php:27

actionall_admin_noticessrc\Content\plugin-update-checker-master\Puc\v5p5\Plugin\Ui.php:28

filterplugins_apisrc\Content\plugin-update-checker-master\Puc\v5p5\Plugin\UpdateChecker.php:101

filtercron_schedulessrc\Content\plugin-update-checker-master\Puc\v5p5\Scheduler.php:53

actionadmin_initsrc\Content\plugin-update-checker-master\Puc\v5p5\Scheduler.php:78

actionload-update-core.phpsrc\Content\plugin-update-checker-master\Puc\v5p5\Scheduler.php:82

actionupgrader_process_completesrc\Content\plugin-update-checker-master\Puc\v5p5\Scheduler.php:90

actionupgrader_process_completesrc\Content\plugin-update-checker-master\Puc\v5p5\Scheduler.php:91

actioninitsrc\Content\plugin-update-checker-master\Puc\v5p5\UpdateChecker.php:120

filterupgrader_source_selectionsrc\Content\plugin-update-checker-master\Puc\v5p5\UpdateChecker.php:168

filterhttp_request_host_is_externalsrc\Content\plugin-update-checker-master\Puc\v5p5\UpdateChecker.php:172

filterhttp_request_argssrc\Content\plugin-update-checker-master\Puc\v5p5\UpdateChecker.php:176

actionplugins_loadedsrc\Content\plugin-update-checker-master\Puc\v5p5\UpdateChecker.php:182

actionpuc_api_errorsrc\Content\plugin-update-checker-master\Puc\v5p5\UpdateChecker.php:362

filterupgrader_pre_installsrc\Content\plugin-update-checker-master\Puc\v5p5\UpgraderStatus.php:19

filterupgrader_package_optionssrc\Content\plugin-update-checker-master\Puc\v5p5\UpgraderStatus.php:20

filterupgrader_post_installsrc\Content\plugin-update-checker-master\Puc\v5p5\UpgraderStatus.php:21

actionupgrader_process_completesrc\Content\plugin-update-checker-master\Puc\v5p5\UpgraderStatus.php:22

filterupgrader_pre_downloadsrc\Content\plugin-update-checker-master\Puc\v5p5\Vcs\GitHubApi.php:355

filterhttp_request_argssrc\Content\plugin-update-checker-master\Puc\v5p5\Vcs\GitHubApi.php:404

actionrequests-requests.before_redirectsrc\Content\plugin-update-checker-master\Puc\v5p5\Vcs\GitHubApi.php:405

filterdebug_bar_panelssrc\Content\plugin-update-checker-master\Puc\v5p6\DebugBar\Extension.php:26

actiondebug_bar_enqueue_scriptssrc\Content\plugin-update-checker-master\Puc\v5p6\DebugBar\Extension.php:27

filterupgrader_post_installsrc\Content\plugin-update-checker-master\Puc\v5p6\Plugin\Package.php:37

actiondelete_site_transient_update_pluginssrc\Content\plugin-update-checker-master\Puc\v5p6\Plugin\Package.php:38

actionadmin_initsrc\Content\plugin-update-checker-master\Puc\v5p6\Plugin\Ui.php:19

filterplugin_row_metasrc\Content\plugin-update-checker-master\Puc\v5p6\Plugin\Ui.php:26

filterplugin_row_metasrc\Content\plugin-update-checker-master\Puc\v5p6\Plugin\Ui.php:27

actionall_admin_noticessrc\Content\plugin-update-checker-master\Puc\v5p6\Plugin\Ui.php:28

filterplugins_apisrc\Content\plugin-update-checker-master\Puc\v5p6\Plugin\UpdateChecker.php:101

filtercron_schedulessrc\Content\plugin-update-checker-master\Puc\v5p6\Scheduler.php:53

actionadmin_initsrc\Content\plugin-update-checker-master\Puc\v5p6\Scheduler.php:78

actionload-update-core.phpsrc\Content\plugin-update-checker-master\Puc\v5p6\Scheduler.php:82

actionupgrader_process_completesrc\Content\plugin-update-checker-master\Puc\v5p6\Scheduler.php:90

actionupgrader_process_completesrc\Content\plugin-update-checker-master\Puc\v5p6\Scheduler.php:91

actioninitsrc\Content\plugin-update-checker-master\Puc\v5p6\UpdateChecker.php:120

filterupgrader_source_selectionsrc\Content\plugin-update-checker-master\Puc\v5p6\UpdateChecker.php:168

filterhttp_request_host_is_externalsrc\Content\plugin-update-checker-master\Puc\v5p6\UpdateChecker.php:172

filterhttp_request_argssrc\Content\plugin-update-checker-master\Puc\v5p6\UpdateChecker.php:176

actionplugins_loadedsrc\Content\plugin-update-checker-master\Puc\v5p6\UpdateChecker.php:182

actionpuc_api_errorsrc\Content\plugin-update-checker-master\Puc\v5p6\UpdateChecker.php:362

filterupgrader_pre_installsrc\Content\plugin-update-checker-master\Puc\v5p6\UpgraderStatus.php:19

filterupgrader_package_optionssrc\Content\plugin-update-checker-master\Puc\v5p6\UpgraderStatus.php:20

filterupgrader_post_installsrc\Content\plugin-update-checker-master\Puc\v5p6\UpgraderStatus.php:21

actionupgrader_process_completesrc\Content\plugin-update-checker-master\Puc\v5p6\UpgraderStatus.php:22

filterupgrader_pre_downloadsrc\Content\plugin-update-checker-master\Puc\v5p6\Vcs\GitHubApi.php:355

filterhttp_request_argssrc\Content\plugin-update-checker-master\Puc\v5p6\Vcs\GitHubApi.php:404

actionrequests-requests.before_redirectsrc\Content\plugin-update-checker-master\Puc\v5p6\Vcs\GitHubApi.php:405

filterplugins_api_resultsrc\Content\PluginUpdater.php:22

filtersite_transient_update_pluginssrc\Content\PluginUpdater.php:23

actionplugins_loadedtvr-microthemer.php:60

actionadmin_noticestvr-microthemer.php:65

Maintenance & Trust

Microthemer Lite – Visual Editor to Customize CSS Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version5.6

Downloads2.6M

Community Trust

Rating100/100

Number of ratings44

Active installs10K

Alternatives

Microthemer Lite – Visual Editor to Customize CSS Alternatives

My Style Anytime

my-style-anytime

100

Customize public frontend or admin backend wp-admin with responsive using the same CSS stylesheets file based on user roles type

10 No CVEs

Simple Custom CSS and JS

custom-css-js

100

Easily add Custom CSS or JS to your website with an awesome editor.

700K 1 CVE

Page Builder by SiteOrigin

siteorigin-panels

Build responsive page layouts using the widgets you know and love using this simple drag and drop page builder.

500K 8 CVEs

Simple CSS

simple-css

100

Add CSS to your website through an admin editor, the Customizer or a metabox for page/post specific CSS.

80K No CVEs

MaxButtons – Create buttons

maxbuttons

Maxbuttons is the best and easiest button plugin for WordPress. Within minutes you can create beautiful buttons, share buttons and social icons.

70K 13 CVEs

Developer Profile

Microthemer Lite – Visual Editor to Customize CSS Developer Profile

Themeover

2 plugins · 10K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Microthemer Lite – Visual Editor to Customize CSS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/microthemer/assets/css/admin.min.css/wp-content/plugins/microthemer/assets/css/public.min.css/wp-content/plugins/microthemer/assets/js/admin.min.js/wp-content/plugins/microthemer/assets/js/public.min.js

Script Paths

/wp-content/plugins/microthemer/assets/js/admin.min.js/wp-content/plugins/microthemer/assets/js/public.min.js

Version Parameters

microthemer/assets/css/admin.min.css?ver=microthemer/assets/css/public.min.css?ver=microthemer/assets/js/admin.min.js?ver=microthemer/assets/js/public.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

tvr-ui-settingstvr-settings-panetvr-option-grouptvr-option-input

HTML Comments

Data Attributes

data-tvr-css-editor

JS Globals

window.tvrwindow.microthemer

FAQ