Premmerce Dev Tools Security & Risk Analysis

wordpress.org/plugins/premmerce-dev-tools

This plugin is created to facilitate the development, testing and debugging of the code on the WordPress platform and to quickly create the demo data …

90 active installs v2.0 PHP 5.6+ WP 4.8+ Updated May 29, 2019
code-debugdebuggingdevelopers-toolsplugin-generatorwordpress-debugging
60
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 15, 2026
Safety Verdict

Is Premmerce Dev Tools Safe to Use in 2026?

Use With Caution

Score 60/100

Premmerce Dev Tools has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 15, 2026Updated 7yr ago
Risk Assessment

The plugin 'premmerce-dev-tools' v2.0 exhibits a generally positive security posture based on the provided static analysis. A notable strength is the absence of any recorded vulnerabilities (CVEs) in its history, suggesting a development team that is either highly diligent or has not yet encountered significant security flaws. The code also demonstrates a good practice of using prepared statements for a significant majority of its SQL queries (90%), mitigating common SQL injection risks. Furthermore, the attack surface appears minimal, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication checks, which is a strong indicator of secure design. However, there are areas for concern. The output escaping is only properly handled in 45% of cases, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. Additionally, the taint analysis reveals two flows with unsanitized paths, which, although not classified as critical or high severity in this report, warrant further investigation as they represent potential pathways for data manipulation or unauthorized access. The complete lack of nonce checks and capability checks across the board is a significant weakness, as these are fundamental WordPress security mechanisms designed to prevent various types of attacks. While the taint analysis did not reveal critical issues in this instance, the absence of these checks significantly increases the potential impact should a vulnerability be introduced or discovered.

Key Concerns

  • Output escaping is not properly handled for 55% of outputs.
  • Taint analysis found 2 flows with unsanitized paths.
  • No nonce checks are implemented.
  • No capability checks are implemented.
Vulnerabilities
1 published

Premmerce Dev Tools Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-6933high · 8.8Unrestricted Upload of File with Dangerous Type

Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation

Jun 15, 2026Unpatched
Version History

Premmerce Dev Tools Release Timeline

v2.0Current1 CVE
v1.11 CVE
v1.0.21 CVE
v1.0.11 CVE
v1.01 CVE
Code Analysis
Analyzed Mar 16, 2026

Premmerce Dev Tools Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
19 prepared
Unescaped Output
6
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
5
External Requests
0
Bundled Libraries
0

SQL Query Safety

90% prepared21 total queries

Output Escaping

45% escaped11 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
redirectBack (src\Admin\Admin.php:128)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Premmerce Dev Tools Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 5
actionadmin_menusrc\Admin\Admin.php:32
actionadmin_post_create_pluginsrc\Admin\Admin.php:62
actionadmin_post_generate_datasrc\Admin\Admin.php:63
actionadmin_post_clean_upsrc\Admin\Admin.php:64
actionplugins_loadedsrc\DevToolsPlugin.php:27
Maintenance & Trust

Premmerce Dev Tools Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedMay 29, 2019
PHP min version5.6
Downloads6K

Community Trust

Rating100/100
Number of ratings2
Active installs90
Developer Profile

Premmerce Dev Tools Developer Profile

Premmerce

14 plugins · 60K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
388 days
View full developer profile
Detection Fingerprints

How We Detect Premmerce Dev Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/premmerce-dev-tools/admin/js/clean-up.js

HTML / DOM Fingerprints

Data Attributes
data-dismiss
FAQ

Frequently Asked Questions about Premmerce Dev Tools