Theme Switcher Reloaded Security & Risk Analysis

wordpress.org/plugins/theme-switcher-reloaded

Theme Switcher Reloaded is an updated and much improved version of the original Theme Switcher. Comes with a widget and can also switch themes via URL …

100 active installs · v1.1 · PHP + · WP 2.9.2+ · Updated Oct 20, 2014
changer · presentation · preview · preview-theme · selector
Score 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Aug 25, 2025
Safety Verdict

Is Theme Switcher Reloaded Safe to Use in 2026?

Use With Caution

Score 63/100

Theme Switcher Reloaded has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 25, 2025 · Updated 11yr ago
Risk Assessment

The 'theme-switcher-reloaded' plugin v1.1 presents a mixed security picture. On the positive side, the static analysis indicates a very small attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events. No raw SQL queries were found, and there are no file operations or external HTTP requests. This suggests a deliberate effort to minimize direct interaction points and to handle data securely.

However, significant concerns arise from the complete lack of output escaping (none of the 11 output statements found is escaped) and the absence of nonce and capability checks. While the attack surface is small, any entry point that does exist is highly susceptible to Cross-Site Scripting (XSS) because output is never escaped. The plugin's one known vulnerability, CVE-2025-53223, a medium-severity reflected XSS issue, reinforces this weakness. The CVE remains unpatched, so it calls for immediate attention: it is a known, exploitable flaw that attackers could leverage.

In conclusion, while the plugin demonstrates good practices in areas like SQL handling and minimizing attack vectors, the fundamental lack of output escaping and security checks, coupled with a known unpatched vulnerability, creates a significant security risk. Users should proceed with extreme caution and prioritize updating or discontinuing use of this plugin until these issues are addressed.

Key Concerns

  • Unpatched CVE exists
  • 0% output escaping
  • 0 capability checks
  • 0 nonce checks
Vulnerabilities: 1

Theme Switcher Reloaded Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-53223 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Theme Switcher Reloaded <= 1.1 - Reflected Cross-Site Scripting

Aug 25, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Theme Switcher Reloaded Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 11 total outputs
Attack Surface

Theme Switcher Reloaded Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
filter · template · theme-switcher-reloaded.php:108
filter · stylesheet · theme-switcher-reloaded.php:109
action · plugins_loaded · theme-switcher-reloaded.php:178
Maintenance & Trust

Theme Switcher Reloaded Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Oct 20, 2014
PHP min version
Downloads: 26K

Community Trust

Rating: 46/100
Number of ratings: 3
Active installs: 100
Developer Profile

Theme Switcher Reloaded Developer Profile

undoIT

1 plugin · 100 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Theme Switcher Reloaded

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/theme-switcher-reloaded/languages/ts_theme_switcher.pot

HTML / DOM Fingerprints

Data Attributes
name="themeswitcher-display"
value="list"
value="dropdown"
name="themeswitcher-name"
value="full"
value="short"
FAQ

Frequently Asked Questions about Theme Switcher Reloaded