Redux Framework Security & Risk Analysis

wordpress.org/plugins/redux-framework

Redux is a simple, truly extensible, and fully responsive options framework for WordPress themes and plugins. It ships with an integrated demo.

1.0M active installs · v4.5.10 · PHP 7.4+ · WP 5.0+ · Updated Jan 7, 2026
Tags: admin, options, options-framework, plugin-options, theme-options
Score: 89 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Dec 12, 2025

Safety Verdict

Is Redux Framework Safe to Use in 2026?

Generally Safe

Score 89/100

Redux Framework has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Dec 12, 2025 · Updated 2mo ago

Risk Assessment

The Redux Framework v4.5.10 plugin exhibits a mixed security posture. While it demonstrates strong practices in areas like prepared SQL statements and a high percentage of properly escaped output, significant concerns remain regarding its attack surface. The presence of an AJAX handler without authentication checks is a critical vulnerability, potentially allowing unauthorized actions. The history of 6 known CVEs, including high and medium severity vulnerabilities such as Cross-Site Scripting, Incorrect Authorization, and Exposure of Sensitive Information, indicates a recurring pattern of exploitable flaws. Although there are currently no unpatched CVEs and the latest CVE dates from Dec 12, 2025, the frequency and types of past issues suggest that diligent patching and ongoing security reviews are essential. The plugin's strengths lie in its robust SQL handling and output escaping, but the unprotected AJAX endpoint and the historical vulnerability trend necessitate caution.

Key Concerns

  • AJAX handler without authentication checks
  • History of high severity vulnerabilities (3)
  • History of medium severity vulnerabilities (3)
  • Flows with unsanitized paths (4)

Redux Framework Security Vulnerabilities

CVEs by Year

2020: 2 CVEs
2021: 2 CVEs
2024: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 3
Medium: 3

6 total CVEs

CVE-2025-9488 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

Dec 12, 2025 · Patched in 4.5.9 (1d)

CVE-2024-6828 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting

Jul 22, 2024 · Patched in 4.4.18 (45d)

CVE-2021-38312 · high · 7.1 · Incorrect Authorization

Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion

Sep 1, 2021 · Patched in 4.2.13 (874d)

CVE-2021-38314 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure

Sep 1, 2021 · Patched in 4.2.13 (874d)

WF-adebcf1c-bb22-4a25-b79b-b76eb3b3023f-redux-framework · medium · 5.3 · Cross-Site Request Forgery (CSRF)

Gutenberg Template Library & Redux Framework <= 4.1.23 - Cross-Site Request Forgery

Dec 15, 2020 · Patched in 4.1.24 (1134d)

WF-07422361-3c7c-4e3c-bbfb-097c7fe5f2b4-redux-framework · high · 8.8 · Cross-Site Request Forgery (CSRF)

Gutenberg Template and Pattern Library & Redux Framework <= 4.1.20 - Cross-Site Request Forgery

Nov 23, 2020 · Patched in 4.1.21 (1156d)

Redux Framework Code Analysis

Analyzed Mar 16, 2026

Dangerous Functions: 0
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 290 (2062 escaped)
Nonce Checks: 19
Capability Checks: 12
File Operations: 25
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

88% escaped · 2352 total outputs

Data Flow Analysis

8 flows · 4 with unsanitized paths
save_scheme (redux-core\inc\extensions\color_scheme\class-redux-extension-color-scheme.php:594)

Redux Framework Attack Surface

Entry Points: 14
Unprotected: 1

AJAX Handlers 7

auth wp_ajax_redux_hide_admin_notice redux-core\inc\classes\class-redux-admin-notices.php:47
auth wp_ajax_redux_update_google_fonts redux-core\inc\classes\class-redux-ajax-typography.php:26
auth wp_ajax_redux_color_schemes redux-core\inc\extensions\color_scheme\class-redux-extension-color-scheme.php:78
auth wp_ajax_redux_custom_fonts redux-core\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:141
auth wp_ajax_redux_custom_font_timer redux-core\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:142
auth wp_ajax_redux_get_icons redux-core\inc\extensions\icon_select\class-redux-extension-icon-select.php:50
auth wp_ajax_redux_delete_widget_area redux-core\inc\extensions\widget_areas\class-redux-extension-widget-areas.php:54

Shortcodes 7

[bloginfo] redux-core\inc\extensions\shortcodes\class-redux-shortcodes.php:69
[redux_bloginfo] redux-core\inc\extensions\shortcodes\class-redux-shortcodes.php:71
[themeinfo] redux-core\inc\extensions\shortcodes\class-redux-shortcodes.php:75
[redux_themeinfo] redux-core\inc\extensions\shortcodes\class-redux-shortcodes.php:77
[date] redux-core\inc\extensions\shortcodes\class-redux-shortcodes.php:81
[redux_date] redux-core\inc\extensions\shortcodes\class-redux-shortcodes.php:83
[social_profiles] redux-core\inc\extensions\social_profiles\social_profiles\inc\class-redux-social-profiles-shortcode.php:43

WordPress Hooks 94

action setup_theme class-redux-framework-plugin.php:175
action activated_plugin class-redux-framework-plugin.php:200
action wp_loaded class-redux-framework-plugin.php:201
action wpmu_new_blog class-redux-framework-plugin.php:204
action admin_notices class-redux-framework-plugin.php:207
filter plugin_row_meta class-redux-framework-plugin.php:210
filter network_admin_plugin_action_links class-redux-framework-plugin.php:211
filter plugin_action_links class-redux-framework-plugin.php:212
action plugins_loaded redux-core\class-redux-core.php:222
filter debug_information redux-core\class-redux-core.php:350
action admin_notices redux-core\inc\classes\class-redux-admin-notices.php:48
action admin_init redux-core\inc\classes\class-redux-admin-notices.php:49
action after_setup_theme redux-core\inc\classes\class-redux-api.php:123
action init redux-core\inc\classes\class-redux-api.php:124
action switch_theme redux-core\inc\classes\class-redux-api.php:125
action plugins_loaded redux-core\inc\classes\class-redux-api.php:181
action ReduxFrameworkPlugin_admin_notice redux-core\inc\classes\class-redux-api.php:1743
action redux_framework_plugin_admin_notice redux-core\inc\classes\class-redux-api.php:1744
action admin_enqueue_scripts redux-core\inc\classes\class-redux-enqueue.php:58
action wp_enqueue_scripts redux-core\inc\classes\class-redux-enqueue.php:61
filter redux/fields redux-core\inc\classes\class-redux-extension-abstract.php:169
action wp_head redux-core\inc\classes\class-redux-functions-ex.php:216
action init redux-core\inc\classes\class-redux-i18n.php:26
action redux/construct redux-core\inc\classes\class-redux-instances.php:75
action admin_init redux-core\inc\classes\class-redux-options-constructor.php:63
action wp_head redux-core\inc\classes\class-redux-output.php:31
action wp_enqueue_scripts redux-core\inc\classes\class-redux-output.php:32
action login_head redux-core\inc\classes\class-redux-output.php:37
action login_enqueue_scripts redux-core\inc\classes\class-redux-output.php:38
action admin_head redux-core\inc\classes\class-redux-output.php:43
action admin_enqueue_scripts redux-core\inc\classes\class-redux-output.php:44
filter style_loader_tag redux-core\inc\classes\class-redux-output.php:185
filter wp_resource_hints redux-core\inc\classes\class-redux-output.php:186
action admin_menu redux-core\inc\classes\class-redux-page-render.php:49
action network_admin_menu redux-core\inc\classes\class-redux-page-render.php:53
action admin_head redux-core\inc\classes\class-redux-page-render.php:142
filter admin_footer_text redux-core\inc\classes\class-redux-page-render.php:145
filter deprecated_file_trigger_error redux-core\inc\classes\class-redux-panel.php:317
action customize_register redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:142
action wp_head redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:143
action customize_save_after redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:145
action customize_controls_print_scripts redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:148
action customize_controls_init redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:149
action wp_enqueue_styles redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:150
action redux/extension/customizer/control_init redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:152
action customize_controls_print_styles redux-core\inc\extensions\customizer\class-redux-extension-customizer.php:155
filter upload_mimes redux-core\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:154
action wp_head redux-core\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:155
filter tiny_mce_before_init redux-core\inc\extensions\custom_fonts\class-redux-extension-custom-fonts.php:156
action admin_footer redux-core\inc\extensions\icon_select\icon_select\class-redux-icon-select.php:388
action customize_controls_print_footer_scripts redux-core\inc\extensions\icon_select\icon_select\class-redux-icon-select.php:389
filter upload_mimes redux-core\inc\extensions\import_export\class-redux-extension-import-export.php:63
action save_post redux-core\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:198
action pre_post_update redux-core\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:199
action admin_notices redux-core\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:200
action admin_enqueue_scripts redux-core\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:201
action the_post redux-core\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:204
action loop_end redux-core\inc\extensions\metaboxes\class-redux-extension-metaboxes.php:205
action init redux-core\inc\extensions\metaboxes\class-redux-metaboxes-api.php:89
action admin_enqueue_scripts redux-core\inc\extensions\metaboxes\class-redux-metaboxes-api.php:129
action wp_enqueue_scripts redux-core\inc\extensions\social_profiles\class-redux-extension-social-profiles.php:115
filter redux/metaboxes/save/before_validate redux-core\inc\extensions\social_profiles\class-redux-extension-social-profiles.php:119
action widgets_init redux-core\inc\extensions\social_profiles\social_profiles\inc\class-redux-social-profiles-widget.php:53
action admin_notices redux-core\inc\extensions\taxonomy\class-redux-extension-taxonomy.php:162
action admin_enqueue_scripts redux-core\inc\extensions\taxonomy\class-redux-extension-taxonomy.php:163
action init redux-core\inc\extensions\taxonomy\class-redux-taxonomy-api.php:77
action create_term redux-core\inc\extensions\taxonomy\redux-taxonomy-helpers.php:29
action admin_notices redux-core\inc\extensions\users\class-redux-extension-users.php:155
action admin_enqueue_scripts redux-core\inc\extensions\users\class-redux-extension-users.php:156
action personal_options_update redux-core\inc\extensions\users\class-redux-extension-users.php:161
action edit_user_profile_update redux-core\inc\extensions\users\class-redux-extension-users.php:162
action show_user_profile redux-core\inc\extensions\users\class-redux-extension-users.php:315
action edit_user_profile redux-core\inc\extensions\users\class-redux-extension-users.php:316
action user_new_form redux-core\inc\extensions\users\class-redux-extension-users.php:317
action init redux-core\inc\extensions\users\class-redux-users-api.php:77
action create_term redux-core\inc\extensions\users\redux-users-helpers.php:29
action init redux-core\inc\extensions\widget_areas\class-redux-widget-areas.php:72
action admin_print_scripts redux-core\inc\extensions\widget_areas\class-redux-widget-areas.php:76
action load-widgets.php redux-core\inc\extensions\widget_areas\class-redux-widget-areas.php:78
action load-widgets.php redux-core\inc\extensions\widget_areas\class-redux-widget-areas.php:79
action admin_enqueue_scripts redux-core\inc\themecheck\class-redux-themecheck.php:71
action admin_enqueue_scripts redux-core\inc\themecheck\class-redux-themecheck.php:72
action themecheck_checks_loaded redux-core\inc\themecheck\class-redux-themecheck.php:74
action themecheck_checks_loaded redux-core\inc\themecheck\class-redux-themecheck.php:75
action init redux-core\inc\validation\unique_slug\class-redux-validation-unique-slug.php:82
action init redux-core\inc\welcome\class-redux-welcome.php:49
action admin_menu redux-core\inc\welcome\class-redux-welcome.php:61
filter admin_footer_text redux-core\inc\welcome\class-redux-welcome.php:67
action admin_head redux-core\inc\welcome\class-redux-welcome.php:68
action all_admin_notices redux-framework.php:38
action init redux-templates\classes\class-init.php:36
filter template_include redux-templates\classes\class-templates.php:46
action wp redux-templates\classes\class-templates.php:49
filter admin_body_class redux-templates\classes\class-templates.php:62

Redux Framework Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 7, 2026
PHP min version: 7.4
Downloads: 31.5M

Community Trust

Rating: 88/100
Number of ratings: 272
Active installs: 1.0M

Redux Framework Developer Profile

David Anderson / Team Updraft

16 plugins · 6.4M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1197 days

How We Detect Redux Framework

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/redux-framework/redux-core/assets/css/colors/fresh/colors.min.css
/wp-content/plugins/redux-framework/redux-core/assets/css/redux-admin.min.css
/wp-content/plugins/redux-framework/redux-core/assets/css/vendor/select2.min.css
/wp-content/plugins/redux-framework/redux-core/assets/css/vendor/spectrum.min.css
/wp-content/plugins/redux-framework/redux-core/assets/css/vendor/qtip.min.css
/wp-content/plugins/redux-framework/redux-core/assets/css/vendor/jquery-ui-1.10.0.custom.css
/wp-content/plugins/redux-framework/redux-core/assets/css/media.css

Script Paths
/wp-content/plugins/redux-framework/redux-core/assets/js/redux-core.min.js
/wp-content/plugins/redux-framework/redux-core/assets/js/redux-fields.min.js
/wp-content/plugins/redux-framework/redux-core/assets/js/vendor/select2.js
/wp-content/plugins/redux-framework/redux-core/assets/js/vendor/spectrum.js
/wp-content/plugins/redux-framework/redux-core/assets/js/vendor/qtip.js
/wp-content/plugins/redux-framework/redux-core/assets/js/vendor/jquery-hashchange.js
(+39 more)

HTML / DOM Fingerprints

CSS Classes
redux-container, redux-main, redux-group-wrapper, redux-field-wrapper, redux-opts-group, redux-box, redux-notice, redux-main (+15 more)

Data Attributes
data-id, data-field-id, data-type, data-opt-name, data-redux-field-id, data-redux-opt-name (+2 more)

JS Globals
redux, redux_options, redux_experiments, redux_validate, redux_save_filters, redux_typography_css