Tailored Tools Security & Risk Analysis

wordpress.org/plugins/tailored-tools

Contains some helper classes to help you build custom forms.

90 active installs · v1.8.4 · PHP + WP 3.0+ · Updated Nov 1, 2022
Score: 64
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Nov 20, 2024
Safety Verdict

Is Tailored Tools Safe to Use in 2026?

Use With Caution

Score 64/100

Tailored Tools has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Nov 20, 2024 · Updated 3yr ago
Risk Assessment

The "tailored-tools" plugin v1.8.4 presents a mixed security picture. On the positive side, the plugin demonstrates good practices by having no unprotected entry points, utilizing prepared statements for all SQL queries, and including nonce and capability checks on its identified entry points. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a generally secure static analysis profile. However, significant concerns arise from the output escaping, where only a low 7% of outputs are properly escaped. This, coupled with 4 taint flows with unsanitized paths, indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially considering the plugin's vulnerability history.

The plugin has a history of one known CVE, which is currently unpatched and classified as medium severity, specifically related to Cross-Site Scripting. This recent vulnerability, occurring in late 2024, strongly suggests that the output escaping issues identified in the static analysis are not theoretical but have been exploited or were present in past versions. The fact that this vulnerability is unpatched is a critical concern. While the attack surface is small and appears protected, the insufficient output escaping and unsanitized taint flows, combined with a recent unpatched XSS vulnerability, point to a moderate to high-risk plugin. Users should exercise caution until the unpatched vulnerability is addressed and the output escaping is significantly improved.

Key Concerns

  • Unpatched CVE exists (Medium severity)
  • Low percentage of properly escaped output (7%)
  • Taint flows with unsanitized paths (4)
  • Bundled library (jQuery) might be outdated

Vulnerabilities: 1

Tailored Tools Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-52503 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tailored Tools <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 20, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Tailored Tools Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 28 (2 escaped)
  • Nonce Checks: 1
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 2

Bundled Libraries

jQuery, TinyMCE

Output Escaping

7% escaped · 30 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
admin_list_logs (form.contact.php:122)
Attack Surface

Tailored Tools Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes: 2

  • [tabs] (shortcodes.php:14)
  • [pagecontent] (shortcodes.php:15)

WordPress Hooks: 8

  • action add_meta_boxes (embed-js.php:14)
  • action save_post (embed-js.php:15)
  • filter mce_buttons (mce-columns.php:15)
  • filter mce_external_plugins (mce-columns.php:16)
  • filter tailored_tools_mce_columns (mce-columns.php:17)
  • filter tailored_tools_mce_buttons (shortcodes.php:16)
  • action init (tools.php:13)
  • action plugins_loaded (tools.php:39)
Maintenance & Trust

Tailored Tools Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Nov 1, 2022
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 90
Alternatives

Tailored Tools Alternatives

No alternatives data available yet.

Developer Profile

Tailored Tools Developer Profile

Tailored Media

1 plugin · 90 total installs

Trust score: 69
Avg Security Score: 64/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Tailored Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/tailored-tools/resource/custom.css
  • /wp-content/plugins/tailored-tools/js/jquery.validate.js
  • /wp-content/plugins/tailored-tools/js/jquery.timepicker.js
  • /wp-content/plugins/tailored-tools/js/jquery.geocomplete.js
  • /wp-content/plugins/tailored-tools/js/loader.js

Script Paths

  • /wp-content/plugins/tailored-tools/js/jquery.validate.js
  • /wp-content/plugins/tailored-tools/js/jquery.timepicker.js
  • /wp-content/plugins/tailored-tools/js/jquery.geocomplete.js
  • /wp-content/plugins/tailored-tools/js/loader.js

Version Parameters

  • tailored-tools/resource/custom.css?ver=
  • tailored-tools/js/jquery.validate.js?ver=
  • tailored-tools/js/jquery.timepicker.js?ver=
  • tailored-tools/js/jquery.geocomplete.js?ver=
  • tailored-tools/js/loader.js?ver=

HTML / DOM Fingerprints

CSS Classes
ui_tabs, tab_panel, googlemap
HTML Comments
<!-- Google Map -->
Data Attributes
data-original-title
JS Globals
google
Shortcode Output
[tabs], [pagecontent], [googlemap]
FAQ

Frequently Asked Questions about Tailored Tools