Does Small Tools – The Ultimate All-in-One WordPress Utility Toolkit have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Small Tools – The Ultimate All-in-One WordPress Utility Toolkit compatible with WordPress 6.9.4?

According to WordPress.org data, Small Tools – The Ultimate All-in-One WordPress Utility Toolkit 2.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Security & Risk Analysis

wordpress.org/plugins/small-tools

A collection of small but powerful tools to optimize and enhance your WordPress site.

10 active installs v2.3.0 PHP 7.4+ WP 6.0+ Updated Dec 23, 2025

admin-and-site-enhancementsdark-modesmall-toolssmiling-syntaxsvg-upload

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Safe to Use in 2026?

Generally Safe

Score 100/100

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "small-tools" plugin v2.3.0 exhibits a generally strong security posture, with excellent adherence to secure coding practices. The static analysis reveals no instances of dangerous functions, all SQL queries are prepared, and nearly all output is properly escaped. The plugin also demonstrates a robust use of nonces and capability checks, indicating a good awareness of common WordPress security vulnerabilities. Furthermore, the absence of any known CVEs in its history, coupled with no recorded vulnerabilities, suggests a well-maintained and secure codebase over time.

Despite the positive findings, there is one potential area of concern identified in the taint analysis: one flow with an unsanitized path. While the critical and high severity taint flows are zero, this single unsanitized path warrants attention, as it could theoretically lead to issues if exploited in conjunction with other conditions. The plugin's attack surface is limited to four AJAX handlers, all of which appear to have authentication checks, further mitigating risks from this area.

In conclusion, "small-tools" v2.3.0 is a well-secured plugin. The overwhelming majority of security best practices are followed, and its vulnerability history is clean. The single unsanitized path identified in the taint analysis is the sole notable weakness and should be investigated to ensure it does not pose a practical risk.

Key Concerns

Flow with unsanitized path

Vulnerabilities

None known

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Release Timeline

v2.3.0Current

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.0

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

183 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

99% escaped185 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

import_settings (admin\class-small-tools-admin.php:543)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_small_tools_save_settingsadmin\class-small-tools-admin.php:19

authwp_ajax_small_tools_replace_mediaadmin\class-small-tools-admin.php:20

authwp_ajax_small_tools_replace_mediaincludes\class-small-tools.php:53

authwp_ajax_get_attachment_detailsincludes\class-small-tools.php:54

WordPress Hooks 23

actionadmin_menuadmin\class-small-tools-admin.php:11

actionadmin_initadmin\class-small-tools-admin.php:12

actionadmin_initadmin\class-small-tools-admin.php:15

actionadmin_noticesadmin\class-small-tools-admin.php:16

filterupload_mimesadmin\class-small-tools-admin.php:23

filterwp_check_filetype_and_extadmin\class-small-tools-admin.php:24

actionshutdownadmin\class-small-tools-admin.php:209

actionadmin_enqueue_scriptsincludes\class-small-tools-enqueue.php:12

actionadmin_enqueue_scriptsincludes\class-small-tools-enqueue.php:13

filteradmin_body_classincludes\class-small-tools-enqueue.php:16

actionplugins_loadedincludes\class-small-tools.php:12

filterplugin_row_metaincludes\class-small-tools.php:18

filtermedia_row_actionsincludes\class-small-tools.php:51

actionadmin_footerincludes\class-small-tools.php:52

actionadmin_enqueue_scriptsincludes\class-small-tools.php:55

actionadmin_action_small_tools_duplicateincludes\class-small-tools.php:59

filterpost_row_actionsincludes\class-small-tools.php:60

filterpage_row_actionsincludes\class-small-tools.php:61

actioninitincludes\class-small-tools.php:65

actionwp_default_scriptsincludes\class-small-tools.php:69

filterwoocommerce_ajax_variation_thresholdincludes\class-small-tools.php:74

filteradmin_footer_textincludes\class-small-tools.php:79

actionwp_enqueue_scriptsincludes\class-small-tools.php:84

Maintenance & Trust

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 23, 2025

PHP min version7.4

Downloads936

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Alternatives

WP SVG Images

wp-svg-images

Add SVG support to your WP website. Securely upload SVG files, automatic sanitization, Media Library preview.

30K 2 CVEs

WP Dark Mode – Improve Accessibility with AI Powered Dark Theme

wp-dark-mode

Enable dark mode on WordPress without any coding. Improve site accessibility with a stunning dark theme that improves conversion.

20K 4 CVEs

Custom Favicon – Easily Add a Favicon in WordPress

custom-favicon

100

Easily add a custom favicon and Apple touch icon to your WordPress site, including support for dark mode, SVG icons, and admin dashboard branding.

5K No CVEs

Dark Mode for WP Dashboard

dark-mode-for-wp-dashboard

Makes your WordPress admin dashboard in dark mode.

2K 1 CVE

Dark Mode Toggle

dark-mode-toggle

100

Bring dark mode toggle switch to your WordPress website. A simple switch to turn on and off the dark mode. Fast and easy to use.

2K No CVEs

Developer Profile

Small Tools – The Ultimate All-in-One WordPress Utility Toolkit Developer Profile

SmilingSyntax

3 plugins · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Small Tools – The Ultimate All-in-One WordPress Utility Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/small-tools/admin/css/small-tools-admin.css/wp-content/plugins/small-tools/admin/css/small-tools-preview.css/wp-content/plugins/small-tools/admin/css/small-tools-tabs.css/wp-content/plugins/small-tools/admin/css/small-tools-dark-mode.css/wp-content/plugins/small-tools/admin/js/small-tools-settings.js

Script Paths

/wp-content/plugins/small-tools/admin/js/small-tools-settings.js

Version Parameters

small-tools-admin.css?ver=small-tools-preview.css?ver=small-tools-tabs.css?ver=small-tools-dark-mode.css?ver=small-tools-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

small-tools-dark-mode

JS Globals

smallToolsSettings

FAQ