Does Theme Check have any unpatched vulnerabilities?

No. All known vulnerabilities in Theme Check have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Theme Check compatible with WordPress 6.4.8?

According to WordPress.org data, Theme Check 20231220 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

How often is Theme Check updated?

Theme Check was last updated on Dec 20, 2023. Frequent updates are generally a positive security signal.

What is Theme Check's security score?

Theme Check has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Theme Check Security & Risk Analysis

wordpress.org/plugins/theme-check

A simple and easy way to test your theme for all the latest WordPress standards and practices. A great theme development tool!

20K active installs v20231220 PHP + WP 3.7+ Updated Dec 20, 2023

guidelinesthemeswordpress-org

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Theme Check Safe to Use in 2026?

Generally Safe

Score 85/100

Theme Check has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The theme-check plugin exhibits a generally strong security posture, particularly in its avoidance of common web vulnerabilities. The absence of any recorded CVEs, unpatched vulnerabilities, or identified dangerous functions is a significant strength. The code analysis shows a commendable approach to security, with all SQL queries using prepared statements and a high percentage of output properly escaped. Furthermore, the plugin demonstrates good practice by implementing nonce and capability checks, indicating an effort to protect against unauthorized actions.

Despite the positive indicators, there are minor areas for concern. The taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high severity in this instance, represent a potential risk. These flows should be meticulously reviewed to ensure they cannot be exploited under any circumstances. The presence of file operations without further context in the static analysis also warrants attention; understanding the nature of these operations and ensuring they are properly secured is crucial. Overall, theme-check appears to be a well-developed and secure plugin, with the identified taint flows being the primary area requiring focused investigation for complete risk mitigation.

Key Concerns

Flows with unsanitized paths found
File operations present in code
79% of output properly escaped

Vulnerabilities

None known

Theme Check Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Theme Check Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

45 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

79% escaped57 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

themecheck_do_page (theme-check.php:37)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Theme Check Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_inittheme-check.php:15

actionadmin_menutheme-check.php:16

filterextra_theme_headerstheme-check.php:42

Maintenance & Trust

Theme Check Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedDec 20, 2023

PHP min version

Downloads2.5M

Community Trust

Rating96/100

Number of ratings195

Active installs20K

Alternatives

Theme Check Alternatives

Child Theme Configurator

child-theme-configurator

100

When using the Customizer is not enough - Create a child theme from your installed themes and customize styles, templates, functions and more.

300K No CVEs

Hello Plus

hello-plus

100

Hello+ is a free WordPress plugin designed to work seamlessly with Elementor’s Hello suite of themes.

80K No CVEs

YITH WooCommerce Catalog Mode

yith-woocommerce-catalog-mode

YITH WooCommerce Catalog Mode, a plugin for disabling sales in your e-commerce and turn it into an e-commerce into an online catalogue.

60K 1 CVE

Themesflat Addons For Elementor

themesflat-addons-for-elementor

Themesflat Addons For Elementor plugin you install after Elementor!. Themesflat addon focuses on support for the author build Template Kits

50K 12 CVEs

aThemes Starter Sites

athemes-starter-sites

We've got a full and ever-growing library stocked with ready-made templates for any kind of business.

40K 1 CVE

Developer Profile

Theme Check Developer Profile

WordPress.org

34 plugins · 14.9M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

1718 days

View full developer profile

Detection Fingerprints

How We Detect Theme Check

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/theme-check/assets/style.css

Version Parameters

theme-check/assets/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

theme-check

FAQ