Does Serenity Extensions have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Serenity Extensions compatible with WordPress 6.0.11?

According to WordPress.org data, Serenity Extensions 1.1.2 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is Serenity Extensions compatible with PHP 5.6+?

Serenity Extensions requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Serenity Extensions updated?

Serenity Extensions was last updated on Jul 27, 2022. Frequent updates are generally a positive security signal.

What is Serenity Extensions's security score?

Serenity Extensions has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Serenity Extensions Security & Risk Analysis

wordpress.org/plugins/serenity-theme-extensions

This plugin adds widgets required by the Serenity WordPress theme by Themely.

200 active installs v1.1.2 PHP 5.6+ WP 3.8+ Updated Jul 27, 2022

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Serenity Extensions Safe to Use in 2026?

Generally Safe

Score 85/100

Serenity Extensions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "serenity-theme-extensions" v1.1.2 plugin exhibits a strong security posture based on the provided static analysis. The absence of known vulnerabilities and the clean taint analysis are positive indicators. Furthermore, the plugin demonstrates good development practices by avoiding dangerous functions, using prepared statements for all SQL queries, and handling file operations securely. The presence of capability checks is also a good sign for access control.

However, a significant concern arises from the output escaping. With 565 total outputs, only 47% are properly escaped. This means a considerable number of outputs may be vulnerable to Cross-Site Scripting (XSS) attacks if the data being output originates from untrusted sources. While the attack surface appears minimal and there are no direct indications of unsanitized inputs in the taint analysis, unescaped output remains a critical pathway for potential XSS vulnerabilities. The lack of nonce checks, while not necessarily a direct vulnerability in itself without specific AJAX handlers or shortcodes, could be a missed opportunity for reinforcing security on any future endpoints that might be introduced.

In conclusion, the plugin is generally well-secured with no known historical vulnerabilities or critical code flaws. The primary weakness lies in the insufficient output escaping, which presents a tangible risk for XSS. The limited attack surface is a strength, but the unescaped output is a significant area that requires attention to achieve a more robust security profile.

Key Concerns

Insufficient output escaping (47% properly escaped)

Vulnerabilities

None known

Serenity Extensions Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Serenity Extensions Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Serenity Extensions Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

302

263 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

47% escaped565 total outputs

Attack Surface

Serenity Extensions Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actionadmin_enqueue_scriptsinc\widgets.php:17

actionadmin_enqueue_scriptsinc\widgets.php:18

actionwp_headinc\widgets.php:19

actionwidgets_initwidgets\bar_widget.php:129

actionwidgets_initwidgets\counter_widget.php:179

actionload-widgets.phpwidgets\feature_widget.php:17

actionwidgets_initwidgets\feature_widget.php:175

actionwidgets_initwidgets\hero_widget.php:228

actionwidgets_initwidgets\pricing_widget.php:217

actionwidgets_initwidgets\project_widget.php:172

actionwidgets_initwidgets\service_widget.php:129

actionload-widgets.phpwidgets\showcase_widget.php:17

actionwidgets_initwidgets\showcase_widget.php:175

actionwidgets_initwidgets\team_widget.php:187

actionwidgets_initwidgets\testimonial_widget.php:114

Maintenance & Trust

Serenity Extensions Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJul 27, 2022

PHP min version5.6

Downloads9K

Community Trust

Rating0/100

Number of ratings0

Active installs200

Alternatives

Serenity Extensions Alternatives

No alternatives data available yet.

Developer Profile

Serenity Extensions Developer Profile

themely

4 plugins · 6K total installs

trust score

Avg Security Score

76/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Serenity Extensions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/serenity-theme-extensions/css/widgets.css/wp-content/plugins/serenity-theme-extensions/js/admin.js

Script Paths

/wp-content/plugins/serenity-theme-extensions/js/admin.js

HTML / DOM Fingerprints

CSS Classes

serenity-feature-widgetserenity-service-widgetserenity-testimonial-widgetserenity-team-widgetserenity-hero-widgetserenity-bar-widgetserenity-counter-widgetserenity-pricing-widget+1 more

Data Attributes

data-widget_name

FAQ