Options for Twenty Seventeen Security & Risk Analysis

wordpress.org/plugins/options-for-twenty-seventeen

Adds powerful customizer options to modify all aspects of the default WordPress theme Twenty Seventeen.

9K active installs v2.5.6 PHP 5.6+ WP 4.6+ Updated Dec 12, 2025
Tags: change, customize, modify, twenty-seventeen, twentyseventeen
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Sep 25, 2023
Safety Verdict

Is Options for Twenty Seventeen Safe to Use in 2026?

Generally Safe

Score 100/100

Options for Twenty Seventeen has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 25, 2023 · Updated 3mo ago
Risk Assessment

The plugin 'options-for-twenty-seventeen' v2.5.6 exhibits a generally good security posture with strong adherence to best practices in several key areas. The static analysis reveals that all SQL queries are properly prepared, output escaping is excellent with 98% proper handling, and there are no identified dangerous functions, file operations, or external HTTP requests. The presence of a nonce check is also a positive indicator. However, a significant concern is the single AJAX handler that lacks authentication checks, presenting a direct attack vector. While taint analysis found no issues, this unprotected entry point could potentially be exploited if coupled with other vulnerabilities or logic flaws.

The vulnerability history shows one medium-severity CVE recorded in September 2023, which was for Cross-site Scripting. The fact that this vulnerability is currently unpatched is a notable weakness. Although the latest version has resolved this specific CVE, the historical presence of XSS indicates a potential for input sanitization or output escaping flaws to be introduced. The overall security is a mixed bag; strengths lie in coding standards for data handling and output, but the unprotected AJAX endpoint and past vulnerability history warrant careful consideration.

Key Concerns

  • AJAX handler without authentication check
  • Previously known medium severity CVE
Vulnerabilities: 1

Options for Twenty Seventeen Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-5162 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Options for Twenty Seventeen <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Sep 25, 2023 Patched in 2.5.1 (120d)
Code Analysis
Analyzed Mar 16, 2026

Options for Twenty Seventeen Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (206 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

98% escaped · 211 total outputs
Attack Surface
1 unprotected

Options for Twenty Seventeen Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_dismiss_ofts_notice_handler · options-for-twenty-seventeen.php:46

Shortcodes 1

[social-links] options-for-twenty-seventeen.php:40
WordPress Hooks 21
filter · plugin_row_meta · includes\class-ofts-common.php:287
action · customize_register · options-for-twenty-seventeen.php:30
action · wp_head · options-for-twenty-seventeen.php:31
action · customize_controls_enqueue_scripts · options-for-twenty-seventeen.php:32
action · customize_preview_init · options-for-twenty-seventeen.php:33
action · after_setup_theme · options-for-twenty-seventeen.php:34
action · after_setup_theme · options-for-twenty-seventeen.php:35
action · after_setup_theme · options-for-twenty-seventeen.php:36
action · widgets_init · options-for-twenty-seventeen.php:37
action · widgets_init · options-for-twenty-seventeen.php:38
action · wp_footer · options-for-twenty-seventeen.php:39
action · admin_notices · options-for-twenty-seventeen.php:45
action · wp_footer · options-for-twenty-seventeen.php:1925
action · wp_footer · options-for-twenty-seventeen.php:1975
action · get_template_part_template-parts/post/content · options-for-twenty-seventeen.php:2192
filter · body_class · options-for-twenty-seventeen.php:2259
filter · gettext · options-for-twenty-seventeen.php:2400
action · get_template_part_template-parts/page/content · options-for-twenty-seventeen.php:2675
filter · body_class · options-for-twenty-seventeen.php:2676
action · get_template_part_template-parts/footer/site · options-for-twenty-seventeen.php:2805
action · admin_notices · options-for-twenty-seventeen.php:3222
Maintenance & Trust

Options for Twenty Seventeen Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 12, 2025
PHP min version: 5.6
Downloads: 355K

Community Trust

Rating: 96/100
Number of ratings: 57
Active installs: 9K
Developer Profile

Options for Twenty Seventeen Developer Profile

Oliver Campion

12 plugins · 43K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 869 days
Detection Fingerprints

How We Detect Options for Twenty Seventeen

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/options-for-twenty-seventeen/js/customizer-preview.js
/wp-content/plugins/options-for-twenty-seventeen/css/customizer.css
Script Paths
/wp-content/plugins/options-for-twenty-seventeen/js/customizer-preview.js
Version Parameters
options-for-twenty-seventeen/js/customizer-preview.js?ver=
options-for-twenty-seventeen/css/customizer.css?ver=

HTML / DOM Fingerprints

CSS Classes
ofts-social-links-item
Data Attributes
data-ofts-social-links-style
JS Globals
ofts_preview
Shortcode Output
[social-links]
FAQ

Frequently Asked Questions about Options for Twenty Seventeen