Does Theme Test Drive have any unpatched vulnerabilities?

No. All known vulnerabilities in Theme Test Drive have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Theme Test Drive compatible with WordPress 4.3.34?

According to WordPress.org data, Theme Test Drive 2.9.1 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Theme Test Drive updated?

Theme Test Drive was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is Theme Test Drive's security score?

Theme Test Drive has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Theme Test Drive Security & Risk Analysis

wordpress.org/plugins/theme-test-drive

Safely test drive any theme as an administrator, while visitors use the default one.

8K active installs v2.9.1 PHP + WP 2.3+ Updated Nov 28, 2017

admintestthemethemes

A · Safe

CVEs total1

Unpatched0

Last CVENov 23, 2015

Plugin page Download

Safety Verdict

Is Theme Test Drive Safe to Use in 2026?

Generally Safe

Score 85/100

Theme Test Drive has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 23, 2015Updated 8yr ago

Risk Assessment

The static analysis of theme-test-drive v2.9.1 reveals a generally positive security posture with several good practices in place. The absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events, coupled with the fact that all detected SQL queries use prepared statements, significantly reduces the plugin's attack surface. The presence of nonce and capability checks further strengthens its defenses. However, a notable concern is the low percentage (24%) of properly escaped output. This indicates a potential risk of Cross-Site Scripting (XSS) vulnerabilities, where unescaped user-supplied data could be rendered in the browser, allowing attackers to inject malicious scripts. The historical vulnerability data, while dated (last in 2015), shows a past instance of Cross-Site Scripting, reinforcing the concern around output escaping. The plugin's strengths lie in its limited entry points and secure data handling for SQL. The primary weakness lies in how output is managed, which could be exploited despite other strong security measures.

Key Concerns

Low percentage of properly escaped output
Past XSS vulnerability history

Vulnerabilities

Theme Test Drive Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-f9de946c-941a-41d7-b1c4-440b4fcec9b0-theme-test-drivemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Theme Test Drive <= 2.9 - Reflected Cross-Site Scripting

Nov 23, 2015 Patched in 2.9.1 (2983d)

Code Analysis

Analyzed Mar 16, 2026

Theme Test Drive Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

24% escaped21 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

themedrive_options_page (themedrive.php:326)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Theme Test Drive Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionplugins_loadedthemedrive.php:301

filtertemplatethemedrive.php:305

filterstylesheetthemedrive.php:306

actionadmin_menuthemedrive.php:464

Maintenance & Trust

Theme Test Drive Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedNov 28, 2017

PHP min version

Downloads520K

Community Trust

Rating78/100

Number of ratings50

Active installs8K

Alternatives

Theme Test Drive Alternatives

Theme Preview

theme-preview

Allows you test how a theme looks on your site without activating it.

300 No CVEs

Development Theme

development-theme

Let use diferent themes installed for each user role actived.

40 No CVEs

Back To The Theme

back-to-the-theme

See a page with different themes all at once, just like that!

10 No CVEs

BNS Theme Add-Ins

bns-theme-add-ins

Extend the capabilities of WordPress Parent-Themes and Child-Themes

10 No CVEs

Live Theme Preview

live-theme-preview

Live Theme Preview allows users to preview themes on their own website before customizing or activating them.

10 No CVEs

Developer Profile

Theme Test Drive Developer Profile

Vladimir Prelovac

20 plugins · 1.0M total installs

trust score

Avg Security Score

87/100

Avg Patch Time

2577 days

View full developer profile

Detection Fingerprints

How We Detect Theme Test Drive

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/theme-test-drive/themedrive.css/wp-content/plugins/theme-test-drive/themedrive.js

Script Paths

/wp-content/plugins/theme-test-drive/themedrive.js

Version Parameters

theme-test-drive/themedrive.js?ver=theme-test-drive/themedrive.css?ver=

HTML / DOM Fingerprints

CSS Classes

theme-switchertheme-preview-wrapper

Data Attributes

data-theme-preview-url

JS Globals

themedrive_ajaxurlthemedrive_admin_url

FAQ

Theme Test Drive Security & Risk Analysis

Is Theme Test Drive Safe to Use in 2026?

Generally Safe

Key Concerns

Theme Test Drive Security Vulnerabilities

CVEs by Year

Severity Breakdown

Theme Test Drive Code Analysis

Output Escaping

Data Flow Analysis

Theme Test Drive Attack Surface

Theme Test Drive Maintenance & Trust

Maintenance Signals

Community Trust

Theme Test Drive Alternatives

Theme Preview

Development Theme

Back To The Theme

BNS Theme Add-Ins

Live Theme Preview

Theme Test Drive Developer Profile

How We Detect Theme Test Drive

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Theme Test Drive