OliveWP Companion Security & Risk Analysis

wordpress.org/plugins/olivewp-companion

OliveWP Companion plugin enhances the functionality of OliveWP theme. This plugin requires OliveWP theme to be installed.

300 active installs · v1.1.2 · PHP 5.2+ · WP 5.3+ · Updated Sep 13, 2022
Tags: admin, widget, widgets
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is OliveWP Companion Safe to Use in 2026?

Generally Safe

Score 85/100

OliveWP Companion has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The olivewp-companion v1.1.2 plugin exhibits a concerning security posture due to a significant lack of authentication checks on its entry points. While the plugin does not appear to have a history of publicly disclosed vulnerabilities, this does not negate the risks introduced by its current codebase. The static analysis reveals one AJAX handler that lacks any form of authentication, presenting a direct pathway for unauthorized actions if this handler performs sensitive operations. The taint analysis, though limited in scope, identified two flows with unsanitized paths, which could potentially lead to vulnerabilities if these paths are exposed to user input. The absence of nonce checks on AJAX handlers is a critical oversight, leaving the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks. Despite the positive signs of using prepared statements for SQL queries and a good percentage of output escaping, these strengths are overshadowed by the critical deficiencies in authentication and input sanitization for its exposed entry points. Therefore, while the plugin has avoided past vulnerabilities, its current implementation poses a notable risk that requires immediate attention.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Missing nonce checks on AJAX
  • Missing capability checks
  • Partially unescaped output
  • Bundled Freemius v1.0 library
Vulnerabilities
None known

OliveWP Companion Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

OliveWP Companion Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 105 (231 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

Output Escaping

69% escaped, 336 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
olivewp_companion_extensions_page_fn (admin\tab\extensions.php:2)
Attack Surface
1 unprotected

OliveWP Companion Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth  wp_ajax_dismissed_plugin_success_handler  olivewp-companion.php:274
WordPress Hooks 28
action  admin_enqueue_scripts  admin\owc-script.php:5
action  wp_enqueue_scripts  admin\owc-script.php:29
action  customize_preview_init  admin\owc-script.php:41
action  wp_head  admin\owc-script.php:51
action  olivewp_plus_addon_page  admin\tab\addons.php:87
action  olivewp_companion_changelog_page  admin\tab\changelog.php:12
action  olivewp_companion_extensions_page  admin\tab\extensions.php:60
action  olivewp_companion_home_page  admin\tab\home-page.php:183
action  olivewp_companion_recommanded_page  admin\tab\recommended.php:40
action  wp_enqueue_scripts  inc\control\fonts.php:23
filter  pt-ocdi/import_files  inc\spice-starter-sites\demo-content\setup.php:275
action  pt-ocdi/after_import  inc\spice-starter-sites\demo-content\setup.php:302
action  admin_enqueue_scripts  inc\spice-starter-sites\demo-content\setup.php:314
filter  ocdi/plugin_page_setup  inc\spice-starter-sites\demo-content\setup.php:326
filter  ocdi/register_plugins  inc\spice-starter-sites\demo-content\setup.php:374
filter  pt-ocdi/disable_pt_branding  inc\spice-starter-sites\demo-content\setup.php:379
action  customize_register  inc\trending-post\customizer\customizer-trending-post.php:8
action  olivewp_companion_trending_posts_hook  inc\trending-post\olivewp-companion-trending-post.php:106
action  admin_menu  olivewp-companion.php:22
action  plugins_loaded  olivewp-companion.php:66
action  admin_menu  olivewp-companion.php:72
action  admin_init  olivewp-companion.php:104
action  customize_register  olivewp-companion.php:106
action  init  olivewp-companion.php:126
action  plugins_loaded  olivewp-companion.php:144
action  admin_notices  olivewp-companion.php:145
action  activated_plugin  olivewp-companion.php:220
action  admin_notices  olivewp-companion.php:269
Maintenance & Trust

OliveWP Companion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Sep 13, 2022
PHP min version: 5.2
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 300
Developer Profile

OliveWP Companion Developer Profile

spicethemes

34 plugins · 63K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 369 days
Detection Fingerprints

How We Detect OliveWP Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/olivewp-companion/admin/owc-script.php
/wp-content/plugins/olivewp-companion/inc/control/fonts.php
/wp-content/plugins/olivewp-companion/inc/control/sanitization.php
/wp-content/plugins/olivewp-companion/inc/trending-post/customizer/customizer-trending-post.php
/wp-content/plugins/olivewp-companion/inc/trending-post/olivewp-companion-trending-post.php
/wp-content/plugins/olivewp-companion/inc/control/customizer-category-dropdown-custom-control.php
/wp-content/plugins/olivewp-companion/inc/control/customizer-taxonomy-dropdown-custom-control.php
/wp-content/plugins/olivewp-companion/inc/control/customizer-image-checkbox-custom-control.php
+3 more

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about OliveWP Companion