Sloth Logo Customizer Security & Risk Analysis

wordpress.org/plugins/sloth-logo-customizer

Sloth Logo Customizer changes the WordPress logo on the login page and enables you to change the support string and URL on the blog info widget.

0 active installs · v2.0.2 · PHP + WP 4.2.4+ · Updated Apr 2, 2020

Tags: login, login-page, logo, support-url, suppot

Score: 64 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Apr 17, 2023
Safety Verdict

Is Sloth Logo Customizer Safe to Use in 2026?

Use With Caution

Score 64/100

Sloth Logo Customizer has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 17, 2023 · Updated 6yr ago
Risk Assessment

The "sloth-logo-customizer" plugin v2.0.2 presents a mixed security posture. Static analysis indicates a small attack surface, with no apparent direct entry points (AJAX handlers, REST API routes, shortcodes, or cron events) reachable without authentication, but the code signals raise significant concerns. Notably, none of the plugin's 16 outputs is escaped, which suggests a high risk of Cross-Site Scripting (XSS). The taint analysis also reveals two data flows with unsanitized paths; although neither is classified as critical or high severity, they indicate potential for issues if user input is not handled carefully.

The vulnerability history compounds these concerns: the one known CVE, of medium severity, remains unpatched. The most recent vulnerability, reported in April 2023, was a CSRF, and the currently unpatched one is implied to be CSRF as well by the plugin's common vulnerability type, which suggests a pattern of insufficient input validation or missing protection against state-changing actions. Although the plugin has a small attack surface and uses prepared statements for SQL, the lack of output escaping and the unpatched CVE are significant weaknesses that warrant attention.

Key Concerns

  • Unpatched CVE (medium severity)
  • All outputs unescaped
  • Taint flows with unsanitized paths
  • No capability checks
  • No nonce checks
Vulnerabilities (1)

Sloth Logo Customizer Security Vulnerabilities

CVEs by Year

2023: 1 CVE · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2023-0603 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Sloth Logo Customizer <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 17, 2023 · Unpatched
Code Analysis
Analyzed Mar 17, 2026

Sloth Logo Customizer Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 16 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping: 0% escaped · 16 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
  • setting (sloth-logo-customizer.php:98)
Attack Surface

Sloth Logo Customizer Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • action admin_menu (sloth-logo-customizer.php:30)
  • action network_admin_menu (sloth-logo-customizer.php:31)
  • action login_head (sloth-logo-customizer.php:32)
  • action plugins_loaded (sloth-logo-customizer.php:33)
  • filter widget_meta_poweredby (sloth-logo-customizer.php:36)
Maintenance & Trust

Sloth Logo Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Apr 2, 2020
PHP min version: not listed
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Sloth Logo Customizer Developer Profile

ammar.shahraki

2 plugins · 300 total installs

Trust score: 77
Avg Security Score: 75/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sloth Logo Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Sloth Logo Customizer