Does Starter Sites & Templates by Neve have any unpatched vulnerabilities?

No. All known vulnerabilities in Starter Sites & Templates by Neve have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Starter Sites & Templates by Neve compatible with WordPress 6.9.4?

According to WordPress.org data, Starter Sites & Templates by Neve 1.2.24 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Starter Sites & Templates by Neve compatible with PHP 5.6+?

Starter Sites & Templates by Neve requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Starter Sites & Templates by Neve updated?

Starter Sites & Templates by Neve was last updated on Dec 10, 2025. Frequent updates are generally a positive security signal.

What is Starter Sites & Templates by Neve's security score?

Starter Sites & Templates by Neve has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Starter Sites & Templates by Neve Security & Risk Analysis

wordpress.org/plugins/templates-patterns-collection

This plugin gives you access to 100+ templates and ready-to-use starter sites. Neve theme is used for all the designs.

100K active installs v1.2.24 PHP 5.6+ WP 5.5+ Updated Dec 10, 2025

blocksnevepatternsstartertemplates

A · Safe

CVEs total1

Unpatched0

Last CVENov 7, 2023

Download

Safety Verdict

Is Starter Sites & Templates by Neve Safe to Use in 2026?

Generally Safe

Score 100/100

Starter Sites & Templates by Neve has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 7, 2023Updated 3mo ago

Risk Assessment

The "templates-patterns-collection" plugin version 1.2.24 exhibits a generally strong security posture, with most entry points properly secured and a high percentage of output escaping. The static analysis reveals good practices such as the exclusive use of prepared statements for SQL queries and a significant number of capability checks. However, the presence of two dangerous `unserialize` functions is a notable concern, as improper handling of serialized data can lead to remote code execution vulnerabilities. While no critical or high severity taint flows were detected, the potential for issues with `unserialize` warrants caution.

The vulnerability history indicates one past medium-severity CVE related to "Exposure of Sensitive Information to an Unauthorized Actor." The fact that this vulnerability is currently patched is positive, but the nature of the past vulnerability suggests a need for vigilance regarding data exposure. The plugin's static analysis shows a limited attack surface with all identified AJAX handlers protected by authentication, which is a significant strength. Despite the positive aspects of code hygiene and protected entry points, the identified dangerous functions and the historical vulnerability prevent a perfect security score. Continued monitoring and rigorous auditing of `unserialize` usage are recommended.

Key Concerns

Presence of dangerous `unserialize` function
Past medium CVE related to data exposure

Vulnerabilities

Starter Sites & Templates by Neve Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-47529medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File

Nov 7, 2023 Patched in 1.2.3 (77d)

Code Analysis

Analyzed Mar 16, 2026

Starter Sites & Templates by Neve Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

127 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$response = unserialize( $response );includes\TI_Beaver.php:157

unserializeif ( @unserialize( $serialized_string ) !== true && preg_match( '/^[aOs]:/', $serialized_string ) ) includes\TI_Beaver.php:167

SQL Query Safety

100% prepared6 total queries

Output Escaping

97% escaped131 total outputs

Attack Surface

Starter Sites & Templates by Neve Attack Surface

Entry Points6

Unprotected0

AJAX Handlers 6

authwp_ajax_skip_subscribeincludes\Admin.php:82

noprivwp_ajax_skip_subscribeincludes\Admin.php:83

authwp_ajax_mark_onboarding_doneincludes\Admin.php:85

noprivwp_ajax_mark_onboarding_doneincludes\Admin.php:86

authwp_ajax_tpc_get_logsincludes\Admin.php:88

authwp_ajax_dismiss_new_tc_noticeincludes\Admin.php:90

WordPress Hooks 45

filterquery_varsincludes\Admin.php:71

actionafter_switch_themeincludes\Admin.php:72

filterneve_dashboard_page_dataincludes\Admin.php:73

actionadmin_menuincludes\Admin.php:74

actionadmin_enqueue_scriptsincludes\Admin.php:75

filterti_tpc_editor_dataincludes\Admin.php:76

actionadmin_initincludes\Admin.php:77

filterthemeisle_sdk_blackfriday_dataincludes\Admin.php:78

actionenqueue_block_editor_assetsincludes\Editor.php:51

actionelementor/editor/before_enqueue_scriptsincludes\Elementor.php:30

actionelementor/editor/before_enqueue_stylesincludes\Elementor.php:31

actionelementor/preview/enqueue_stylesincludes\Elementor.php:32

actionthemeisle_cl_add_property_stateincludes\Importers\Cleanup\Active_State.php:48

actionthemeisle_cl_add_item_to_property_stateincludes\Importers\Cleanup\Active_State.php:49

filterwp_import_postsincludes\Importers\Helpers\Importer_Alterator.php:52

filterwp_import_postsincludes\Importers\Helpers\Importer_Alterator.php:53

filterwp_import_postsincludes\Importers\Helpers\Importer_Alterator.php:54

filterwp_import_termsincludes\Importers\Helpers\Importer_Alterator.php:55

filterwp_insert_post_dataincludes\Importers\Helpers\Importer_Alterator.php:56

filterwp_import_nav_menu_item_argsincludes\Importers\Helpers\Importer_Alterator.php:57

filterintermediate_image_sizes_advancedincludes\Importers\Helpers\Importer_Alterator.php:58

filtertpc_post_content_before_insertincludes\Importers\Helpers\Importer_Alterator.php:59

filtertpc_post_content_processed_termsincludes\Importers\Helpers\Importer_Alterator.php:60

filterwoocommerce_create_pagesincludes\Importers\Plugin_Importer.php:365

filtermasteriyo_create_pagesincludes\Importers\Plugin_Importer.php:370

filterimport_post_meta_keyincludes\Importers\WP\WP_Import.php:68

filterhttp_request_timeoutincludes\Importers\WP\WP_Import.php:69

filterupload_mimesincludes\Importers\WP\WP_Import.php:75

actionadmin_initincludes\License.php:46

filtertiob_license_keyincludes\License.php:47

filterpre_update_optionincludes\License.php:53

actionshutdownincludes\Logger.php:86

filterthemeisle_sdk_hide_dashboard_widgetincludes\Main.php:103

filtertemplates_patterns_collection_feedback_review_messageincludes\Main.php:104

actionrest_api_initincludes\Rest_Server.php:32

filterwp_insert_post_dataincludes\Rest_Server.php:340

actionwp_headincludes\TI_Beaver.php:351

actionfl_builder_before_save_layoutincludes\TI_Beaver.php:352

filterfl_builder_main_menuincludes\TI_Beaver.php:360

actioninittemplates-patterns-collection.php:18

actioninittemplates-patterns-collection.php:19

filterthemeisle_sdk_productstemplates-patterns-collection.php:37

actioninittemplates-patterns-collection.php:66

actionactivated_plugintemplates-patterns-collection.php:96

actionswitch_themetemplates-patterns-collection.php:97

Maintenance & Trust

Starter Sites & Templates by Neve Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 10, 2025

PHP min version5.6

Downloads4.3M

Community Trust

Rating94/100

Number of ratings77

Active installs100K

Alternatives

Starter Sites & Templates by Neve Alternatives

Codeless Cloud Starter Sites

codeless-cloud-starter-sites

A cloud based service with 30+ templates and starter sites for Specular theme.

0 No CVEs

Extendify

extendify

100

The best WordPress templates, pattern, and layout library with 1,000+ designs built for the Gutenberg block editor.

500K No CVEs

Qi Blocks

qi-blocks

Qi Blocks is the largest collection of Gutenberg blocks developed by Qode Interactive.

60K 9 CVEs

BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor

blockspare

Highly customizable Gutenberg blocks and starter templates to build blogs, magazines, and business websites. Create post grids, sliders, filters, and …

10K 6 CVEs

Blocks Starter Templates

blocks-starter-templates

Starter templates and patterns library. Ready-to-use Gutenberg templates that work with every theme. Created only with in-built WP blocks.

1K No CVEs

Developer Profile

Starter Sites & Templates by Neve Developer Profile

Themeisle

37 plugins · 2.2M total installs

trust score

Avg Security Score

96/100

Avg Patch Time

420 days

View full developer profile

Detection Fingerprints

How We Detect Starter Sites & Templates by Neve

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/templates-patterns-collection/build/index.css/wp-content/plugins/templates-patterns-collection/build/index.js/wp-content/plugins/templates-patterns-collection/blocks/init.js/wp-content/plugins/templates-patterns-collection/blocks/css/style.css/wp-content/plugins/templates-patterns-collection/blocks/css/editor.css/wp-content/plugins/templates-patterns-collection/admin/css/admin.css/wp-content/plugins/templates-patterns-collection/admin/js/admin.js/wp-content/plugins/templates-patterns-collection/admin/js/onboarding.js+7 more

Script Paths

/wp-content/plugins/templates-patterns-collection/build/index.js/wp-content/plugins/templates-patterns-collection/blocks/init.js/wp-content/plugins/templates-patterns-collection/admin/js/admin.js/wp-content/plugins/templates-patterns-collection/admin/js/onboarding.js/wp-content/plugins/templates-patterns-collection/admin/js/import-button.js/wp-content/plugins/templates-patterns-collection/admin/js/templates-cloud.js+5 more

Version Parameters

templates-patterns-collection/build/index.css?ver=templates-patterns-collection/build/index.js?ver=templates-patterns-collection/blocks/init.js?ver=templates-patterns-collection/blocks/css/style.css?ver=templates-patterns-collection/blocks/css/editor.css?ver=templates-patterns-collection/admin/css/admin.css?ver=templates-patterns-collection/admin/js/admin.js?ver=templates-patterns-collection/admin/js/onboarding.js?ver=templates-patterns-collection/admin/js/import-button.js?ver=templates-patterns-collection/admin/js/templates-cloud.js?ver=templates-patterns-collection/admin/js/template-sync.js?ver=templates-patterns-collection/admin/js/template-categories.js?ver=templates-patterns-collection/admin/js/feedback.js?ver=templates-patterns-collection/admin/js/plugin-install.js?ver=templates-patterns-collection/admin/js/customizer-preview.js?ver=

HTML / DOM Fingerprints

CSS Classes

ti-ob-new-template-buttontiob-starter-sites-wrappertiob-templates-cloudtiob-categories-navigationtiob-category-linktiob-template-previewtiob-template-titletiob-template-description+20 more

HTML Comments

+9 more

Data Attributes

data-tpc-iddata-template-slugdata-category-slugdata-action-typedata-noncedata-template-id+2 more

JS Globals

TIOB_ADMIN_AJAX_URLTIOB_SETTINGSTIOB_ONBOARDING_DATATIOB_TEMPLATES_CLOUD_DATATIOB_PLUGIN_INSTALLER_SETTINGSTIOB_WP_AJAX_URL+1 more

REST Endpoints

/wp-json/templates-patterns-collection/v1/templates/wp-json/templates-patterns-collection/v1/categories/wp-json/templates-patterns-collection/v1/template-sync/wp-json/templates-patterns-collection/v1/feedback/wp-json/templates-patterns-collection/v1/logs

FAQ