Does Child Theme Creator by Orbisius have any unpatched vulnerabilities?

No. All known vulnerabilities in Child Theme Creator by Orbisius have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Child Theme Creator by Orbisius compatible with WordPress 6.7.5?

According to WordPress.org data, Child Theme Creator by Orbisius 1.5.6 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Child Theme Creator by Orbisius compatible with PHP 5.6+?

Child Theme Creator by Orbisius requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Child Theme Creator by Orbisius updated?

Child Theme Creator by Orbisius was last updated on Dec 10, 2024. Frequent updates are generally a positive security signal.

What is Child Theme Creator by Orbisius's security score?

Child Theme Creator by Orbisius has a WP-Safety security score of 88/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Child Theme Creator by Orbisius Security & Risk Analysis

wordpress.org/plugins/orbisius-child-theme-creator

Create Child Themes quickly and easily from any theme that you have currently installed on your site/blog.

10K active installs v1.5.6 PHP 5.6+ WP 3.4+ Updated Dec 10, 2024

child-themechild-themesdesigntheme-creatortheme-generator

A · Safe

CVEs total4

Unpatched0

Last CVEDec 11, 2024

Plugin page Download

Safety Verdict

Is Child Theme Creator by Orbisius Safe to Use in 2026?

Generally Safe

Score 88/100

Child Theme Creator by Orbisius has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Dec 11, 2024Updated 1yr ago

Risk Assessment

The "orbisius-child-theme-creator" plugin v1.5.6 presents a mixed security posture. While it demonstrates some good practices like using prepared statements for a majority of its SQL queries and performing nonce and capability checks on some entry points, significant concerns remain. The presence of dangerous functions like `exec` and `shell_exec` is a critical red flag, as these can be leveraged for remote code execution if proper sanitization and authorization are not strictly enforced. Furthermore, the taint analysis indicating two flows with unsanitized paths, even without critical or high severity, suggests potential avenues for injection attacks.

Key Concerns

Unprotected AJAX handler
Use of dangerous functions (exec, shell_exec)
Flows with unsanitized paths (2)
Less than 100% proper output escaping
High vulnerability history (4 CVEs)
Vulnerabilities include CSRF and Missing Authorization

Vulnerabilities

Child Theme Creator by Orbisius Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

1 CVE in 2020

2020

2 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2024-12263medium · 4.3Missing Authorization

Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete

Dec 11, 2024 Patched in 1.5.6 (1d)

CVE-2024-43276medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Child Theme Creator <= 1.5.4 - Reflected Cross-Site Scripting

Aug 16, 2024 Patched in 1.5.5 (7d)

CVE-2020-28649high · 8.8Cross-Site Request Forgery (CSRF)

Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation

Oct 14, 2020 Patched in 1.5.2 (1196d)

CVE-2015-9456medium · 6.5Missing Authorization

Child Theme Creator by Orbisius <= 1.2.7 - Arbitrary File Write

Jul 8, 2015 Patched in 1.2.8 (3121d)

Code Analysis

Analyzed Mar 16, 2026

Child Theme Creator by Orbisius Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

25 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

exec$last_line = exec($cmd, $output, $exit_code);orbisius-child-theme-creator.php:2882

shell_exec$output = shell_exec($cmd . " 2>&1");orbisius-child-theme-creator.php:2886

SQL Query Safety

67% prepared3 total queries

Output Escaping

45% escaped56 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

orbisius_child_theme_creator_tools_action (orbisius-child-theme-creator.php:797)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Child Theme Creator by Orbisius Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_orbisius_ctc_theme_editor_ajaxorbisius-child-theme-creator.php:43

noprivwp_ajax_orbisius_ctc_theme_editor_ajaxorbisius-child-theme-creator.php:44

WordPress Hooks 14

actionorbisius_child_theme_creator_admin_enqueue_scriptsaddons\clipboard\init.php:4

actionadmin_initorbisius-child-theme-creator.php:32

actionadmin_initorbisius-child-theme-creator.php:33

actionadmin_enqueue_scriptsorbisius-child-theme-creator.php:34

actionadmin_menuorbisius-child-theme-creator.php:35

actionnetwork_admin_menuorbisius-child-theme-creator.php:36

actionwp_footerorbisius-child-theme-creator.php:37

actionadmin_noticesorbisius-child-theme-creator.php:38

actionnetwork_admin_noticesorbisius-child-theme-creator.php:39

actionwp_before_admin_bar_renderorbisius-child-theme-creator.php:41

actionorbisius_child_theme_creator_action_authorbisius-child-theme-creator.php:77

filterorbisius_child_theme_creator_filter_asset_srcorbisius-child-theme-creator.php:297

filterplugin_action_linksorbisius-child-theme-creator.php:372

filtertheme_action_linksorbisius-child-theme-creator.php:377

Maintenance & Trust

Child Theme Creator by Orbisius Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedDec 10, 2024

PHP min version5.6

Downloads637K

Community Trust

Rating80/100

Number of ratings45

Active installs10K

Alternatives

Child Theme Creator by Orbisius Alternatives

Generate Child Theme

generate-child-theme

Create child themes of any WordPress themes effortlessly with Generate Child Theme.

8K 1 CVE

ChildMaker AI

childmaker-ai

100

Create child themes quickly and easily from your WordPress admin panel — clean, simple, and safe.

0 No CVEs

Child Theme Configurator

child-theme-configurator

100

When using the Customizer is not enough - Create a child theme from your installed themes and customize styles, templates, functions and more.

300K No CVEs

WP Child Theme Generator

wp-child-theme-generator

WP Child Theme Generator is an easy solution to all your WordPress child theme creating problems!

20K 2 CVEs

Childify Me

childify-me

Create a child-theme from the Theme Customizer.

9K No CVEs

Developer Profile

Child Theme Creator by Orbisius Developer Profile

Svetoslav Marinov

26 plugins · 12K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

722 days

View full developer profile

Detection Fingerprints

How We Detect Child Theme Creator by Orbisius

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/orbisius-child-theme-creator/assets/css/style.css/wp-content/plugins/orbisius-child-theme-creator/assets/js/main.js/wp-content/plugins/orbisius-child-theme-creator/assets/js/colorpicker.js/wp-content/plugins/orbisius-child-theme-creator/assets/js/select2.min.js/wp-content/plugins/orbisius-child-theme-creator/assets/js/jquery.simple-color-picker.js/wp-content/plugins/orbisius-child-theme-creator/assets/css/font-awesome.min.css/wp-content/plugins/orbisius-child-theme-creator/assets/css/select2.min.css

Script Paths

/wp-content/plugins/orbisius-child-theme-creator/assets/js/main.js/wp-content/plugins/orbisius-child-theme-creator/assets/js/colorpicker.js/wp-content/plugins/orbisius-child-theme-creator/assets/js/select2.min.js/wp-content/plugins/orbisius-child-theme-creator/assets/js/jquery.simple-color-picker.js

Version Parameters

orbisius-child-theme-creator/assets/css/style.css?ver=orbisius-child-theme-creator/assets/js/main.js?ver=orbisius-child-theme-creator/assets/js/colorpicker.js?ver=orbisius-child-theme-creator/assets/js/select2.min.js?ver=orbisius-child-theme-creator/assets/js/jquery.simple-color-picker.js?ver=orbisius-child-theme-creator/assets/css/font-awesome.min.css?ver=orbisius-child-theme-creator/assets/css/select2.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

orbisius-child-theme-creatororbisius_child_theme_creator_admin_barorbisius-child-theme-creator-container

HTML Comments

Copyright 2012-2050 Svetoslav Marinov (Slavi) <slavi@orbisius.com>This program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 2 of the License, or+13 more

Data Attributes

data-id="orbisius_child_theme_creator_admin_bar_data-parent="orbisius_child_theme_creator_admin_bar_

JS Globals

orbisius_child_theme_creator_admin_barorbisius_child_theme_creator_ajax_object

FAQ