Theme Toolkit Security & Risk Analysis

wordpress.org/plugins/theme-toolkit

Theme toolkit is a plugin to register custom post types, widgets and shortcodes to add additional feature and functionality to any WordPress theme.

100 active installs · v1.0.1 · PHP 5.2.0+ · WP 4.8.5+ · Updated Mar 26, 2018
custom-fields, custom-post-type, extension, metaboxes, theme
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Theme Toolkit Safe to Use in 2026?

Generally Safe

Score 85/100

Theme Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The 'theme-toolkit' plugin version 1.0.1 demonstrates a generally strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is a significant strength. Furthermore, the presence of nonce and capability checks, coupled with a high percentage of properly escaped output, indicates good development practices aimed at preventing common web vulnerabilities.

The plugin has no recorded vulnerability history, including CVEs, which is a very positive indicator. This suggests a consistent effort towards maintaining security. However, the absence of taint analysis results might mean that either no taint flows were found or the analysis was not comprehensive enough to detect potential issues related to data sanitization. While the plugin shows good practices, it's important to remain vigilant as static analysis alone cannot guarantee complete security, and the lack of historical data doesn't preclude future vulnerabilities.

Overall, 'theme-toolkit' v1.0.1 appears to be a well-secured plugin. The lack of critical findings in static analysis and its clean vulnerability history are commendable. The focus on prepared statements, output escaping, and authentication checks is a good sign. The primary area for potential improvement, or at least further investigation, would be to ensure the taint analysis was exhaustive, as this can reveal subtle vulnerabilities missed by other checks.

Key Concerns

  • High percentage of output properly escaped
  • SQL queries use prepared statements
  • No dangerous functions found
  • No file operations found
  • No external HTTP requests found
  • Nonce checks present
  • Capability checks present
  • No known CVEs
  • No taint analysis data provided
Vulnerabilities
None known

Theme Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Theme Toolkit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 23 (208 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

90% escaped · 231 total outputs
Attack Surface

Theme Toolkit Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[tt-partners] partners\partners-widget.php:293
[tt-portfolio] portfolio\portfolio-widget.php:341
[tt-team] team\team-widget.php:377
[tt-testimonials] testimonials\testimonials-widget.php:195

WordPress Hooks 15

action widgets_init partners\partners-widget.php:18
action init partners\partners.php:61
action admin_init partners\partners.php:69
action save_post partners\partners.php:70
action widgets_init portfolio\portfolio-widget.php:18
action init portfolio\portfolio.php:61
action init portfolio\portfolio.php:86
action widgets_init team\team-widget.php:18
action init team\team.php:61
action admin_init team\team.php:69
action save_post team\team.php:70
action widgets_init testimonials\testimonials-widget.php:18
action init testimonials\testimonials.php:61
action wp_enqueue_scripts theme-toolkit.php:47
action plugins_loaded theme-toolkit.php:88
Maintenance & Trust

Theme Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Mar 26, 2018
PHP min version: 5.2.0
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 100
Developer Profile

Theme Toolkit Developer Profile

ProDesigns

4 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Theme Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/theme-toolkit/assets/font-awesome/css/font-awesome.min.css
/wp-content/plugins/theme-toolkit/assets/main-style.css
/wp-content/plugins/theme-toolkit/assets/jquery.mixitup.min.js
/wp-content/plugins/theme-toolkit/assets/custom.js
Script Paths
/wp-content/plugins/theme-toolkit/assets/custom.js
Version Parameters
theme-toolkit/assets/font-awesome/css/font-awesome.min.css?ver=4.7.0
theme-toolkit/assets/jquery.mixitup.min.js?ver=1.5.5
theme-toolkit/assets/custom.js?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
tt-partners-wrap
theme_toolkit_partners
Data Attributes
id="theme-toolkit-partners"
class="theme_toolkit_partners"