WP-Safety

Starter Sites & Templates by Neve Security & Risk Analysis

wordpress.org/plugins/templates-patterns-collection

This plugin gives you access to 100+ templates and ready-to-use starter sites. Neve theme is used for all the designs.

100K active installs v1.2.26 PHP 5.6+ WP 5.5+ Updated Mar 31, 2026
blocksnevepatternsstartertemplates
100
A · Safe
CVEs total1
Unpatched0
Last CVENov 7, 2023
Download
Safety Verdict

Is Starter Sites & Templates by Neve Safe to Use in 2026?

Generally Safe

Score 100/100

Starter Sites & Templates by Neve has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Nov 7, 2023Updated 1mo ago
Risk Assessment

The "templates-patterns-collection" plugin version 1.2.24 exhibits a generally strong security posture, with most entry points properly secured and a high percentage of output escaping. The static analysis reveals good practices such as the exclusive use of prepared statements for SQL queries and a significant number of capability checks. However, the presence of two dangerous `unserialize` functions is a notable concern, as improper handling of serialized data can lead to remote code execution vulnerabilities. While no critical or high severity taint flows were detected, the potential for issues with `unserialize` warrants caution.

The vulnerability history indicates one past medium-severity CVE related to "Exposure of Sensitive Information to an Unauthorized Actor." The fact that this vulnerability is currently patched is positive, but the nature of the past vulnerability suggests a need for vigilance regarding data exposure. The plugin's static analysis shows a limited attack surface with all identified AJAX handlers protected by authentication, which is a significant strength. Despite the positive aspects of code hygiene and protected entry points, the identified dangerous functions and the historical vulnerability prevent a perfect security score. Continued monitoring and rigorous auditing of `unserialize` usage are recommended.

Key Concerns

  • Presence of dangerous `unserialize` function
  • Past medium CVE related to data exposure
Vulnerabilities
1 published

Starter Sites & Templates by Neve Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2023-47529medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File

Nov 7, 2023 Patched in 1.2.3 (77d)
Version History

Starter Sites & Templates by Neve Release Timeline

v1.2.26Current
v1.2.25
v1.2.24
v1.2.23
v1.2.22
v1.2.21
v1.2.20
v1.2.19
v1.2.18
v1.2.17
v1.2.16
v1.2.15
v1.2.14
v1.2.13
v1.2.12
v1.2.11
v1.2.10
v1.2.9
v1.2.8
v1.2.7
Code Analysis
Analyzed Mar 16, 2026

Starter Sites & Templates by Neve Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
6 prepared
Unescaped Output
4
127 escaped
Nonce Checks
4
Capability Checks
20
File Operations
8
External Requests
11
Bundled Libraries
0

Dangerous Functions Found

unserialize$response = unserialize( $response );includes\TI_Beaver.php:157
unserializeif ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serialized_string ) ) includes\TI_Beaver.php:167

SQL Query Safety

100% prepared6 total queries

Output Escaping

97% escaped131 total outputs
Attack Surface

Starter Sites & Templates by Neve Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_skip_subscribeincludes\Admin.php:82
noprivwp_ajax_skip_subscribeincludes\Admin.php:83
authwp_ajax_mark_onboarding_doneincludes\Admin.php:85
noprivwp_ajax_mark_onboarding_doneincludes\Admin.php:86
authwp_ajax_tpc_get_logsincludes\Admin.php:88
authwp_ajax_dismiss_new_tc_noticeincludes\Admin.php:90
WordPress Hooks 45
filterquery_varsincludes\Admin.php:71
actionafter_switch_themeincludes\Admin.php:72
filterneve_dashboard_page_dataincludes\Admin.php:73
actionadmin_menuincludes\Admin.php:74
actionadmin_enqueue_scriptsincludes\Admin.php:75
filterti_tpc_editor_dataincludes\Admin.php:76
actionadmin_initincludes\Admin.php:77
filterthemeisle_sdk_blackfriday_dataincludes\Admin.php:78
actionenqueue_block_editor_assetsincludes\Editor.php:51
actionelementor/editor/before_enqueue_scriptsincludes\Elementor.php:30
actionelementor/editor/before_enqueue_stylesincludes\Elementor.php:31
actionelementor/preview/enqueue_stylesincludes\Elementor.php:32
actionthemeisle_cl_add_property_stateincludes\Importers\Cleanup\Active_State.php:48
actionthemeisle_cl_add_item_to_property_stateincludes\Importers\Cleanup\Active_State.php:49
filterwp_import_postsincludes\Importers\Helpers\Importer_Alterator.php:52
filterwp_import_postsincludes\Importers\Helpers\Importer_Alterator.php:53
filterwp_import_postsincludes\Importers\Helpers\Importer_Alterator.php:54
filterwp_import_termsincludes\Importers\Helpers\Importer_Alterator.php:55
filterwp_insert_post_dataincludes\Importers\Helpers\Importer_Alterator.php:56
filterwp_import_nav_menu_item_argsincludes\Importers\Helpers\Importer_Alterator.php:57
filterintermediate_image_sizes_advancedincludes\Importers\Helpers\Importer_Alterator.php:58
filtertpc_post_content_before_insertincludes\Importers\Helpers\Importer_Alterator.php:59
filtertpc_post_content_processed_termsincludes\Importers\Helpers\Importer_Alterator.php:60
filterwoocommerce_create_pagesincludes\Importers\Plugin_Importer.php:365
filtermasteriyo_create_pagesincludes\Importers\Plugin_Importer.php:370
filterimport_post_meta_keyincludes\Importers\WP\WP_Import.php:68
filterhttp_request_timeoutincludes\Importers\WP\WP_Import.php:69
filterupload_mimesincludes\Importers\WP\WP_Import.php:75
actionadmin_initincludes\License.php:46
filtertiob_license_keyincludes\License.php:47
filterpre_update_optionincludes\License.php:53
actionshutdownincludes\Logger.php:86
filterthemeisle_sdk_hide_dashboard_widgetincludes\Main.php:103
filtertemplates_patterns_collection_feedback_review_messageincludes\Main.php:104
actionrest_api_initincludes\Rest_Server.php:32
filterwp_insert_post_dataincludes\Rest_Server.php:340
actionwp_headincludes\TI_Beaver.php:351
actionfl_builder_before_save_layoutincludes\TI_Beaver.php:352
filterfl_builder_main_menuincludes\TI_Beaver.php:360
actioninittemplates-patterns-collection.php:18
actioninittemplates-patterns-collection.php:19
filterthemeisle_sdk_productstemplates-patterns-collection.php:37
actioninittemplates-patterns-collection.php:66
actionactivated_plugintemplates-patterns-collection.php:96
actionswitch_themetemplates-patterns-collection.php:97
Maintenance & Trust

Starter Sites & Templates by Neve Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 31, 2026
PHP min version5.6
Downloads4.4M

Community Trust

Rating94/100
Number of ratings77
Active installs100K
Alternatives

Starter Sites & Templates by Neve Alternatives

Codeless Cloud Starter Sites

Codeless Cloud Starter Sites

codeless-cloud-starter-sites

A
85

A cloud based service with 30+ templates and starter sites for Specular theme.

0 No CVEs
Extendify

Extendify

extendify

A
100

The best WordPress templates, pattern, and layout library with 1,000+ designs built for the Gutenberg block editor.

500K No CVEs
Qi Blocks

Qi Blocks

qi-blocks

A
94

Qi Blocks is the largest collection of Gutenberg blocks developed by Qode Interactive.

60K 9 CVEs
BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor

blockspare

A
96

Highly customizable Gutenberg blocks and starter templates to build blogs, magazines, and business websites. Create post grids, sliders, filters, and &hellip;

10K 6 CVEs
Blocks Starter Templates

Blocks Starter Templates

blocks-starter-templates

A
92

Starter templates and patterns library. Ready-to-use Gutenberg templates that work with every theme. Created only with in-built WP blocks.

1K No CVEs
Developer Profile

Starter Sites & Templates by Neve Developer Profile

Themeisle

37 plugins · 2.3M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
411 days
View full developer profile
Detection Fingerprints

How We Detect Starter Sites & Templates by Neve

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/templates-patterns-collection/build/index.css/wp-content/plugins/templates-patterns-collection/build/index.js/wp-content/plugins/templates-patterns-collection/blocks/init.js/wp-content/plugins/templates-patterns-collection/blocks/css/style.css/wp-content/plugins/templates-patterns-collection/blocks/css/editor.css/wp-content/plugins/templates-patterns-collection/admin/css/admin.css/wp-content/plugins/templates-patterns-collection/admin/js/admin.js/wp-content/plugins/templates-patterns-collection/admin/js/onboarding.js+7 more
Script Paths
/wp-content/plugins/templates-patterns-collection/build/index.js/wp-content/plugins/templates-patterns-collection/blocks/init.js/wp-content/plugins/templates-patterns-collection/admin/js/admin.js/wp-content/plugins/templates-patterns-collection/admin/js/onboarding.js/wp-content/plugins/templates-patterns-collection/admin/js/import-button.js/wp-content/plugins/templates-patterns-collection/admin/js/templates-cloud.js+5 more
Version Parameters
templates-patterns-collection/build/index.css?ver=templates-patterns-collection/build/index.js?ver=templates-patterns-collection/blocks/init.js?ver=templates-patterns-collection/blocks/css/style.css?ver=templates-patterns-collection/blocks/css/editor.css?ver=templates-patterns-collection/admin/css/admin.css?ver=templates-patterns-collection/admin/js/admin.js?ver=templates-patterns-collection/admin/js/onboarding.js?ver=templates-patterns-collection/admin/js/import-button.js?ver=templates-patterns-collection/admin/js/templates-cloud.js?ver=templates-patterns-collection/admin/js/template-sync.js?ver=templates-patterns-collection/admin/js/template-categories.js?ver=templates-patterns-collection/admin/js/feedback.js?ver=templates-patterns-collection/admin/js/plugin-install.js?ver=templates-patterns-collection/admin/js/customizer-preview.js?ver=

HTML / DOM Fingerprints

CSS Classes
ti-ob-new-template-buttontiob-starter-sites-wrappertiob-templates-cloudtiob-categories-navigationtiob-category-linktiob-template-previewtiob-template-titletiob-template-description+20 more
HTML Comments
<!-- Generated by Themeisle Cloud --><!-- Start of TPC Onboarding --><!-- End of TPC Onboarding --><!-- TPC Admin Notice -->+9 more
Data Attributes
data-tpc-iddata-template-slugdata-category-slugdata-action-typedata-noncedata-template-id+2 more
JS Globals
TIOB_ADMIN_AJAX_URLTIOB_SETTINGSTIOB_ONBOARDING_DATATIOB_TEMPLATES_CLOUD_DATATIOB_PLUGIN_INSTALLER_SETTINGSTIOB_WP_AJAX_URL+1 more
REST Endpoints
/wp-json/templates-patterns-collection/v1/templates/wp-json/templates-patterns-collection/v1/categories/wp-json/templates-patterns-collection/v1/template-sync/wp-json/templates-patterns-collection/v1/feedback/wp-json/templates-patterns-collection/v1/logs
FAQ

Frequently Asked Questions about Starter Sites & Templates by Neve