Themebeez Toolkit Security & Risk Analysis

wordpress.org/plugins/themebeez-toolkit

An essential toolkit for WordPress themes developed by us. Themebeez Toolkit helps you to import dummy demo contents. It also adds extra features & …

9K active installs · v1.3.5 · PHP 7.4+ · WP 5.6+ · Updated Apr 23, 2025
content, demo, menus, themebeez, widgets
78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Dec 26, 2025
Safety Verdict

Is Themebeez Toolkit Safe to Use in 2026?

Mostly Safe

Score 78/100

Themebeez Toolkit is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Dec 26, 2025 · Updated 11mo ago
Risk Assessment

The "themebeez-toolkit" v1.3.5 plugin exhibits a mixed security posture. While it demonstrates good practices in several areas, such as a high percentage of properly escaped output and a significant portion of SQL queries using prepared statements, there are notable areas of concern. The presence of a dangerous `unserialize` function without apparent context or mitigation, coupled with two unsanitized paths identified in the taint analysis, indicates potential vulnerabilities that could lead to code execution or data corruption if exploited.

The plugin's vulnerability history, including one medium-severity CVE that is currently unpatched, highlights a pattern of security weaknesses. The fact that the last known vulnerability was very recent (December 2025) and remains unpatched is particularly concerning, suggesting a lack of timely security maintenance. The identified "Missing Authorization" as a common vulnerability type further aligns with the static analysis finding of one AJAX handler without authentication checks, which is a direct entry point for unauthorized actions.

In conclusion, while the plugin has some strengths, the identified combination of a dangerous function, unsanitized taint flows, and an unpatched CVE with a history of authorization issues presents a significant risk. The single unprotected AJAX endpoint is a critical oversight that requires immediate attention.

Key Concerns

  • Unpatched medium CVE
  • AJAX handler without auth checks
  • Dangerous function (unserialize)
  • Taint flows with unsanitized paths
Vulnerabilities
1

Themebeez Toolkit Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-69010 · medium · 5.3 · Missing Authorization

Themebeez Toolkit <= 1.3.5 - Missing Authorization

Dec 26, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Themebeez Toolkit Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (5 prepared)
Unescaped Output: 39 (509 escaped)
Nonce Checks: 4
Capability Checks: 1
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize
$data = unserialize( $raw ); // phpcs:ignore
includes\demo-importer\importer\class-tt-importer-customizer-importer.php:60

SQL Query Safety

71% prepared · 7 total queries

Output Escaping

93% escaped · 548 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
<class-simple-mega-menu-fields> (includes\simple-mega-menu\class-simple-mega-menu-fields.php:0)
Attack Surface
1 unprotected

Themebeez Toolkit Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 5

Type · Hook · Location
auth · wp_ajax_themebeez_toolkit_import_demo_data · includes\demo-importer\class-tt-main.php:119
auth · wp_ajax_simple_mega_menu_fontawesome_icons_list_action · includes\simple-mega-menu\icon-fonts.php:58
nopriv · wp_ajax_simple_mega_menu_fontawesome_icons_list_action · includes\simple-mega-menu\icon-fonts.php:59
auth · wp_ajax_tt_about_action_dismiss_recommended_action · includes\theme-info\class-themebeez-toolkit-theme-info.php:201
nopriv · wp_ajax_tt_about_action_dismiss_recommended_action · includes\theme-info\class-themebeez-toolkit-theme-info.php:202
WordPress Hooks 49
Type · Hook · Location
action · init · includes\class-themebeez-toolkit.php:148
action · admin_enqueue_scripts · includes\class-themebeez-toolkit.php:170
action · wp_dashboard_setup · includes\class-themebeez-toolkit.php:171
filter · themebeez_toolkit_demo_content_import · includes\demo-importer\admin\class-tt-admin-demo-config.php:44
action · themebeez_toolkit_after_demo_content_import · includes\demo-importer\admin\class-tt-admin-demo-config.php:45
action · admin_notices · includes\demo-importer\admin\class-tt-admin.php:29
action · after_setup_theme · includes\demo-importer\class-themebeez-demo-importer.php:106
action · init · includes\demo-importer\class-themebeez-demo-importer.php:107
action · admin_enqueue_scripts · includes\demo-importer\class-tt-main.php:118
action · init · includes\demo-importer\class-tt-main.php:120
action · themebeez_toolkit_starter_templates · includes\demo-importer\class-tt-main.php:121
filter · wxr_importer.pre_process.user · includes\demo-importer\class-tt-main.php:522
filter · wxr_importer.pre_process.post · includes\demo-importer\class-tt-main.php:525
filter · intermediate_image_sizes_advanced · includes\demo-importer\class-tt-main.php:529
filter · import_post_meta_key · includes\demo-importer\importer\class-tt-importer-wxr-importer.php:443
filter · http_request_timeout · includes\demo-importer\importer\class-tt-importer-wxr-importer.php:444
action · themebeez_toolkit_load_theme_info_demo · includes\functions.php:99
filter · wp_nav_menu_args · includes\functions.php:121
action · init · includes\functions.php:136
action · wp_nav_menu_item_custom_fields · includes\simple-mega-menu\class-simple-mega-menu-fields.php:34
action · wp_update_nav_menu_item · includes\simple-mega-menu\class-simple-mega-menu-fields.php:35
action · admin_enqueue_scripts · includes\simple-mega-menu\class-simple-mega-menu-fields.php:36
filter · wp_edit_nav_menu_walker · includes\simple-mega-menu\class-simple-mega-menu-walker-filter.php:26
action · admin_menu · includes\theme-info\class-themebeez-toolkit-theme-info.php:197
action · load-themes.php · includes\theme-info\class-themebeez-toolkit-theme-info.php:198
action · admin_enqueue_scripts · includes\theme-info\class-themebeez-toolkit-theme-info.php:199
action · admin_head · includes\theme-info\class-themebeez-toolkit-theme-info.php:200
action · admin_notices · includes\theme-info\class-themebeez-toolkit-theme-info.php:525
action · after_setup_theme · includes\theme-info\configs\cream-blog-config.php:317
action · after_setup_theme · includes\theme-info\configs\cream-blog-pro-config.php:229
action · after_setup_theme · includes\theme-info\configs\cream-magazine-config.php:398
action · after_setup_theme · includes\theme-info\configs\cream-magazine-pro-config.php:292
action · after_setup_theme · includes\theme-info\configs\fascinate-config.php:345
action · after_setup_theme · includes\theme-info\configs\fascinate-pro-config.php:256
action · after_setup_theme · includes\theme-info\configs\orchid-store-config.php:327
action · after_setup_theme · includes\theme-info\configs\royale-news-config.php:318
action · after_setup_theme · includes\theme-info\configs\royale-news-pro-config.php:202
action · after_setup_theme · includes\theme-info\configs\styleblog-plus-config.php:238
action · init · includes\udp\class-udp-agent.php:76
action · admin_init · includes\udp\class-udp-agent.php:77
action · init · includes\udp\class-udp-agent.php:80
action · admin_init · includes\udp\init.php:53
action · load-index.php · includes\udp\init.php:113
action · admin_notices · includes\udp\init.php:116
action · cc_udp_agent_send_data · includes\udp\init.php:178
action · after_switch_theme · includes\udp\init.php:183
action · activate_plugin · includes\udp\init.php:212
action · deactivate_plugin · includes\udp\init.php:222
action · switch_theme · includes\udp\init.php:253

Scheduled Events 3

cc_udp_agent_send_data
cc_udp_agent_send_data
cc_udp_agent_send_data
Maintenance & Trust

Themebeez Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 23, 2025
PHP min version: 7.4
Downloads: 300K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 9K
Developer Profile

Themebeez Toolkit Developer Profile

themebeez

8 plugins · 27K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 135 days
Detection Fingerprints

How We Detect Themebeez Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/themebeez-toolkit/assets/css/themebeez-toolkit-public.css
/wp-content/plugins/themebeez-toolkit/assets/js/themebeez-toolkit-public.js
/wp-content/plugins/themebeez-toolkit/admin/css/themebeez-toolkit-admin.css
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-admin.js
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-plugin-options.js
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-settings.js
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-wizard.js
Script Paths
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-admin.js
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-plugin-options.js
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-settings.js
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-wizard.js
Version Parameters
/wp-content/plugins/themebeez-toolkit/assets/css/themebeez-toolkit-public.css?ver=
/wp-content/plugins/themebeez-toolkit/assets/js/themebeez-toolkit-public.js?ver=
/wp-content/plugins/themebeez-toolkit/admin/css/themebeez-toolkit-admin.css?ver=
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-admin.js?ver=
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-plugin-options.js?ver=
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-settings.js?ver=
/wp-content/plugins/themebeez-toolkit/admin/js/themebeez-toolkit-wizard.js?ver=

HTML / DOM Fingerprints

CSS Classes
tt-rss-feed, community-events-footer
Data Attributes
data-custom-content, data-custom-id, data-custom-target, data-custom-type, data-title, data-theme-color, +3 more
JS Globals
themebeez_toolkit_params, themebeez_wizard_params
FAQ

Frequently Asked Questions about Themebeez Toolkit