Does Phototools: Basics have any unpatched vulnerabilities?

No. All known vulnerabilities in Phototools: Basics have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Phototools: Basics compatible with WordPress 5.2.24?

According to WordPress.org data, Phototools: Basics 1.7 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Phototools: Basics compatible with PHP 5.6+?

Phototools: Basics requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Phototools: Basics updated?

Phototools: Basics was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Phototools: Basics's security score?

Phototools: Basics has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Phototools: Basics Security & Risk Analysis

wordpress.org/plugins/phototools

Phototools replaces the default activity widget on the dashboard by three separate widgets with thumbnails.

0 active installs v1.7 PHP 5.6+ WP 3.0.1+ Updated Unknown

dashboardphototools

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Phototools: Basics Safe to Use in 2026?

Generally Safe

Score 100/100

Phototools: Basics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The phototools v1.7 plugin exhibits a generally positive security posture based on the provided static analysis. The complete absence of exploitable entry points like unprotected AJAX handlers, REST API routes, and shortcodes is a significant strength. Furthermore, the plugin demonstrates good practices by exclusively using prepared statements for all SQL queries and reporting no known vulnerabilities or CVEs. The lack of file operations and external HTTP requests also minimizes common attack vectors.

However, a notable concern arises from the output escaping. With only 15% of 59 outputs properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Attackers could potentially inject malicious scripts through user-supplied data that is then displayed on the front end without adequate sanitization. While the plugin appears to have capability checks, the absence of nonce checks on any entry points (though there are none listed) combined with the low output escaping rate is a significant weakness that needs attention.

Key Concerns

Low output escaping rate (15%)
No nonce checks found

Vulnerabilities

None known

Phototools: Basics Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Phototools: Basics Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

15% escaped59 total outputs

Attack Surface

Phototools: Basics Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 11

actioninitphototools.php:37

actioninitphototools.php:43

actionadmin_menuphototools.php:48

actionadmin_initphototools.php:53

actionwp_dashboard_setupphototools.php:59

filterwidget_textphototools.php:65

filterwidget_textphototools.php:66

actioninitphototools.php:71

actionwp_headphototools.php:77

actiontemplate_redirectphototools.php:81

actionwidgets_initphototools.php:85

Maintenance & Trust

Phototools: Basics Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedUnknown

PHP min version5.6

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Phototools: Basics Alternatives

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 10 CVEs