Does ThemeHunk Customizer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ThemeHunk Customizer compatible with WordPress 6.8.5?

According to WordPress.org data, ThemeHunk Customizer 2.8.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is ThemeHunk Customizer updated?

ThemeHunk Customizer was last updated on Nov 21, 2025. Frequent updates are generally a positive security signal.

What is ThemeHunk Customizer's security score?

ThemeHunk Customizer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ThemeHunk Customizer Security & Risk Analysis

wordpress.org/plugins/themehunk-customizer

ThemeHunk Customiser plugin will add features of testimonial, team and service.

7K active installs v2.8.6 PHP + WP 5.5+ Updated Nov 21, 2025

customizeroneline-liteteamtestimonialthemehunk

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is ThemeHunk Customizer Safe to Use in 2026?

Generally Safe

Score 100/100

ThemeHunk Customizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The security posture of themehunk-customizer v2.8.6 shows mixed signals. On one hand, the plugin has a clean vulnerability history with no known CVEs, suggesting a generally stable development and maintenance process. The use of prepared statements for SQL queries (78%) and the presence of nonce and capability checks (12 and 13 respectively) are positive indicators of secure coding practices.

However, several areas raise concerns. The presence of 6 AJAX handlers without authentication checks presents a significant attack vector. Additionally, while the total number of output escalations is high, only 37% are properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, though limited in scope (4 flows), revealed 4 flows with unsanitized paths, which could lead to issues if these paths are user-controlled, even though no critical or high severity was assigned. The use of dangerous functions like `create_function` is also a red flag, as it can lead to code injection vulnerabilities if not handled with extreme care.

In conclusion, while the lack of historical vulnerabilities is encouraging, the identified code-level risks, particularly unprotected AJAX endpoints and insufficient output escaping, require immediate attention. The plugin benefits from a clean CVE record and reasonable SQL handling, but these strengths are overshadowed by the potential for immediate exploitation through the unprotected entry points and XSS risks. Addressing the unauthenticated AJAX handlers and improving output escaping should be the top priorities for enhancing the security of this plugin.

Key Concerns

Unprotected AJAX handlers
Insufficient output escaping
Unsanitized paths in taint analysis
Use of dangerous function 'create_function'

Vulnerabilities

None known

ThemeHunk Customizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ThemeHunk Customizer Release Timeline

v2.8.5

v2.8.4

v2.8.3

v2.8.1

v2.8.0

v2.7.8

v2.7.7

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.6.9

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

Code Analysis

Analyzed Mar 16, 2026

ThemeHunk Customizer Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

1398

819 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$new_excerpt_more = create_function('$more', 'return " ";');elanzalite\widget\recent-post.php:33

create_function$new_excerpt_length = create_function('$length', "return " . $excerpt_length . ";");elanzalite\widget\recent-post.php:36

SQL Query Safety

78% prepared9 total queries

Output Escaping

37% escaped2217 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

import_data (import\app\app.php:61)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

ThemeHunk Customizer Attack Surface

Entry Points37

Unprotected6

AJAX Handlers 22

authwp_ajax_amaz_store_cat_filter_ajaxamaz-store\amaz-store-admin\woo\woo-ajax.php:7

noprivwp_ajax_amaz_store_cat_filter_ajaxamaz-store\amaz-store-admin\woo\woo-ajax.php:8

authwp_ajax_big_store_cat_filter_ajaxbig-store\big-store-admin\woo\woo-ajax.php:7

noprivwp_ajax_big_store_cat_filter_ajaxbig-store\big-store-admin\woo\woo-ajax.php:8

authwp_ajax_themehunk_customizer_import_processimport\app\app.php:15

authwp_ajax_themehunk_customizer_handler_dataimport\app\app.php:16

authwp_ajax_themehunk_customizer_import_xmlimport\app\app.php:17

authwp_ajax_themehunk_customizer_import_cutomizerimport\app\app.php:18

authwp_ajax_themehunk_customizer_mport_optionsimport\app\app.php:19

authwp_ajax_themehunk_customizer_import_widgetsimport\app\app.php:20

authwp_ajax_themehunk_customizer_sites_coreimport\app\app.php:21

authwp_ajax_themehunk-customizer-sites-wxr-importimport\core\importer\wxr-importer.php:67

authwp_ajax_jot_shop_cat_filter_ajaxjot-shop\jot-shop-admin\woo\woo-ajax.php:7

noprivwp_ajax_jot_shop_cat_filter_ajaxjot-shop\jot-shop-admin\woo\woo-ajax.php:8

authwp_ajax_m_shop_cat_filter_ajaxm-shop\m-shop-admin\woo\woo-ajax.php:11

noprivwp_ajax_m_shop_cat_filter_ajaxm-shop\m-shop-admin\woo\woo-ajax.php:12

authwp_ajax_shopline_product_removeshopline\woo\ajax-woocommerce.php:5

noprivwp_ajax_shopline_product_removeshopline\woo\ajax-woocommerce.php:6

authwp_ajax_shopline_product_count_updateshopline\woo\ajax-woocommerce.php:24

noprivwp_ajax_shopline_product_count_updateshopline\woo\ajax-woocommerce.php:25

authwp_ajax_shopline_popup_productshopline\woo\ajax-woocommerce.php:42

noprivwp_ajax_shopline_popup_productshopline\woo\ajax-woocommerce.php:43

Shortcodes 15

[amaz-store] amaz-store\amaz-store-admin\amaz-store-shortcode.php:33

[big-store] big-store\big-store-admin\big-store-shortcode.php:35

[themehunk-customizer-elanzalite] elanzalite\inc\shortcode.php:89

[themehunk-customizer] featuredlite\inc\shortcode.php:391

[themehunk-customizer-social] featuredlite\inc\shortcode.php:415

[themehunk-customizer-woo] featuredlite\inc\shortcode.php:436

[jot-shop] jot-shop\jot-shop-admin\jot-shop-shortcode.php:35

[m-shop] m-shop\m-shop-admin\m-shop-shortcode.php:38

[themehunk-customizer-oneline-lite] oneline-lite\inc\shortcode.php:195

[themehunk-customizer-social] oneline-lite\inc\shortcode.php:217

[themehunk-customizer-woo] oneline-lite\inc\shortcode.php:238

[themehunk-customizer-header] shopline\inc\custom-function.php:156

[themehunk-customizer] shopline\inc\shortcode.php:983

[themehunk-customizer-social] shopline\inc\shortcode.php:1004

[themehunk-customizer-woo] shopline\inc\shortcode.php:1021

WordPress Hooks 151

actionadmin_enqueue_scriptsamaz-store\amaz-store-admin\widget\about-us-widget.php:12

actionwidgets_initamaz-store\amaz-store-admin\widget\about-us-widget.php:17

actionwidgets_initamaz-store\amaz-store-admin\widget\post-single-slide-widget.php:6

actioncustomize_controls_enqueue_scriptsamaz-store\amaz-store-admin\woo\amaz-store-admin.php:481

actionamaz_store_below_footeramaz-store\amaz-store-admin\woo\amaz-store-admin.php:514

actioncustomize_registeramaz-store\customizer\customizer.php:87

filterpt-ocdi/disable_pt_brandingamaz-store\demo\import.php:2

filterpt-ocdi/regenerate_thumbnails_in_content_importamaz-store\demo\import.php:3

filterpt-ocdi/import_filesamaz-store\demo\import.php:22

actionpt-ocdi/after_importamaz-store\demo\import.php:89

actioncustomize_controls_enqueue_scriptsbig-store\big-store-admin\woo\big-store-admin.php:9

actioncustomize_controls_print_stylesbig-store\big-store-admin\woo\big-store-admin.php:16

actionbig_store_shop_default_below_footerbig-store\big-store-admin\woo\big-store-admin.php:542

actioncustomize_registerbig-store\customizer\customizer.php:60

filterpt-ocdi/disable_pt_brandingbig-store\demo\import.php:2

filterpt-ocdi/regenerate_thumbnails_in_content_importbig-store\demo\import.php:3

filterpt-ocdi/import_filesbig-store\demo\import.php:47

actionpt-ocdi/after_importbig-store\demo\import.php:111

actioncustomize_controls_enqueue_scriptselanzalite\customizer\custom-customizer.php:7

actioncustomize_registerelanzalite\customizer\customizer.php:3038

actionwp_headelanzalite\inc\custom-style.php:408

actioninitelanzalite\inc\install.php:5

actionwidgets_initelanzalite\inc\install.php:18

filterexcerpt_lengthelanzalite\inc\install.php:84

filterexcerpt_moreelanzalite\inc\install.php:89

actionwp_enqueue_scriptselanzalite\inc\install.php:152

actionadmin_enqueue_scriptselanzalite\inc\install.php:158

filterexcerpt_moreelanzalite\widget\recent-post.php:34

filterexcerpt_lengthelanzalite\widget\recent-post.php:38

actioncustomize_controls_enqueue_scriptsfeaturedlite\customizer\custom-customizer.php:13

actioncustomize_controls_print_stylesfeaturedlite\customizer\custom-customizer.php:20

actioncustomize_registerfeaturedlite\customizer\customizer.php:2262

filterpt-ocdi/disable_pt_brandingfeaturedlite\demo\import-data.php:2

filterpt-ocdi/regenerate_thumbnails_in_content_importfeaturedlite\demo\import-data.php:3

filterpt-ocdi/import_filesfeaturedlite\demo\import-data.php:18

actionpt-ocdi/after_importfeaturedlite\demo\import-data.php:67

actionwp_headfeaturedlite\inc\custom-style.php:3

actionwidgets_initfeaturedlite\widget\services.php:7

actionwidgets_initfeaturedlite\widget\team.php:7

actionadmin_enqueue_scriptsfeaturedlite\widget\team.php:12

actionwidgets_initfeaturedlite\widget\testimonial.php:7

actionadmin_enqueue_scriptsfeaturedlite\widget\testimonial.php:14

actioninitimport\admin\init.php:22

actionadmin_enqueue_scriptsimport\admin\init.php:23

actioninitimport\admin\init.php:25

actionadmin_headimport\admin\init.php:26

actionadmin_menuimport\admin\init.php:62

actionadmin_body_classimport\admin\init.php:108

filterupload_mimesimport\core\class-helper.php:31

filterimport_post_meta_keyimport\core\importer\class-wxr-importer.php:322

filterhttp_request_timeoutimport\core\importer\class-wxr-importer.php:323

actionadmin_initimport\core\importer\import-log.php:57

actionthemehunk_import_startimport\core\importer\import-log.php:80

filterupload_mimesimport\core\importer\wxr-importer.php:66

filterwxr_importer.pre_process.userimport\core\importer\wxr-importer.php:68

filterwxr_importer.pre_process.userimport\core\importer\wxr-importer.php:122

filterwp_image_editorsimport\core\importer\wxr-importer.php:125

filterwxr_importer.pre_process.postimport\core\importer\wxr-importer.php:128

actionwxr_importer.processed.postimport\core\importer\wxr-importer.php:131

actionwxr_importer.process_failed.postimport\core\importer\wxr-importer.php:132

actionwxr_importer.process_already_imported.postimport\core\importer\wxr-importer.php:133

actionwxr_importer.process_skipped.postimport\core\importer\wxr-importer.php:134

actionwxr_importer.processed.commentimport\core\importer\wxr-importer.php:135

actionwxr_importer.process_already_imported.commentimport\core\importer\wxr-importer.php:136

actionwxr_importer.processed.termimport\core\importer\wxr-importer.php:137

actionwxr_importer.process_failed.termimport\core\importer\wxr-importer.php:138

actionwxr_importer.process_already_imported.termimport\core\importer\wxr-importer.php:139

actionwxr_importer.processed.userimport\core\importer\wxr-importer.php:140

actionwxr_importer.process_failed.userimport\core\importer\wxr-importer.php:141

filterwp_import_post_metaimport\core\importer\wxr-importer.php:403

filterwxr_importer.pre_process.post_metaimport\core\importer\wxr-importer.php:404

actioninitimport\core\inc.php:25

actioncustomize_registerjot-shop\customizer\customizer.php:53

actioncustomize_registerjot-shop\customizer\pro-button\class-customize.php:48

actioncustomize_controls_enqueue_scriptsjot-shop\customizer\pro-button\class-customize.php:51

filterpt-ocdi/disable_pt_brandingjot-shop\demo\import.php:2

filterpt-ocdi/regenerate_thumbnails_in_content_importjot-shop\demo\import.php:3

filterpt-ocdi/import_filesjot-shop\demo\import.php:39

actionpt-ocdi/after_importjot-shop\demo\import.php:106

actionadmin_enqueue_scriptsjot-shop\jot-shop-admin\widget\about-us-widget.php:12

actionwidgets_initjot-shop\jot-shop-admin\widget\about-us-widget.php:17

actionwidgets_initjot-shop\jot-shop-admin\widget\post-single-slide-widget.php:6

actionjot_shop_below_footerjot-shop\jot-shop-admin\woo\jot-shop-admin.php:529

actioncustomize_registerm-shop\customizer\customizer.php:41

filterpt-ocdi/disable_pt_brandingm-shop\demo\import.php:2

filterpt-ocdi/regenerate_thumbnails_in_content_importm-shop\demo\import.php:3

filterpt-ocdi/import_filesm-shop\demo\import.php:30

actionpt-ocdi/after_importm-shop\demo\import.php:94

actionadmin_initnotify\notify.php:14

actionadmin_noticesnotify\notify.php:19

actionadmin_enqueue_scriptsnotify\notify.php:20

actionadmin_noticesnotify\notify.php:25

actioncustomize_controls_enqueue_scriptsoneline-lite\customizer\custom-customizer.php:13

actioncustomize_controls_print_stylesoneline-lite\customizer\custom-customizer.php:19

actioncustomize_registeroneline-lite\customizer\customizer.php:1611

filterpt-ocdi/disable_pt_brandingoneline-lite\demo\import-data.php:2

filterpt-ocdi/regenerate_thumbnails_in_content_importoneline-lite\demo\import-data.php:3

filterpt-ocdi/import_filesoneline-lite\demo\import-data.php:34

actionpt-ocdi/after_importoneline-lite\demo\import-data.php:85

actionwp_headoneline-lite\inc\custom-style.php:203

actionwidgets_initoneline-lite\inc\install.php:5

actionadmin_enqueue_scriptsoneline-lite\inc\install.php:20

actioncustomize_controls_enqueue_scriptsshopline\customizer\custom-customizer.php:16

actioncustomize_controls_print_stylesshopline\customizer\custom-customizer.php:26

actioncustomize_registershopline\customizer\customizer.php:7810

filterpt-ocdi/disable_pt_brandingshopline\demo\import-shopline-data.php:2

filterpt-ocdi/regenerate_thumbnails_in_content_importshopline\demo\import-shopline-data.php:3

filterpt-ocdi/import_filesshopline\demo\import-shopline-data.php:45

actionpt-ocdi/after_importshopline\demo\import-shopline-data.php:107

actionwp_headshopline\inc\custom-style.php:4

actionwidgets_initshopline\inc\service.php:9

actionwidgets_initshopline\inc\testimonial.php:8

actionwp_enqueue_scriptsshopline\include.php:18

actionshopline_checkoutshopline\include.php:19

actionshopline_myaccountshopline\include.php:20

actionshopline_headershopline\include.php:21

actionshopline_cartshopline\include.php:22

actionshopline_featuredshopline\include.php:23

actionshopline_productshopline\include.php:24

actionshopline_product_slideshopline\include.php:25

actionshopline_cate_imageshopline\include.php:26

actionadmin_enqueue_scriptsshopline\include.php:47

actionwidgets_initshopline\include.php:97

filterwoocommerce_add_to_cart_fragmentsshopline\woo\filter-woocommerce.php:4

filterwoocommerce_add_to_cart_fragmentsshopline\woo\filter-woocommerce.php:19

filterwoocommerce_ajax_loader_urlshopline\woo\filter-woocommerce.php:32

actionwoocommerce_before_single_productshopline\woo\hooks.php:6

actionwoocommerce_single_product_summaryshopline\woo\hooks.php:10

actionwoocommerce_single_product_summaryshopline\woo\hooks.php:11

actionwoocommerce_single_product_summaryshopline\woo\hooks.php:12

actionwoocommerce_single_product_summaryshopline\woo\hooks.php:14

actionwoocommerce_before_single_productshopline\woo\hooks.php:17

actionwoocommerce_before_main_contentshopline\woo\hooks.php:21

actionwoocommerce_before_single_productshopline\woo\hooks.php:23

actionwoocommerce_before_single_productshopline\woo\hooks.php:26

actionwoocommerce_after_main_contentshopline\woo\hooks.php:27

actionwoocommerce_after_main_contentshopline\woo\hooks.php:28

actionwoocommerce_after_main_contentshopline\woo\hooks.php:29

filterloop_shop_per_pageshopline\woo\hooks.php:32

filterloop_shop_columnsshopline\woo\hooks.php:34

actionwp_print_scriptsshopline\woo\woocommerce.php:711

actioncustomize_registerthemehunk\color-picker\color-picker.php:95

actioncustomize_registerthemehunk\custom-customizer.php:387

actioncustomize_controls_enqueue_scriptsthemehunk\custom-customizer.php:392

actioncustomize_controls_print_stylesthemehunk\customizer-radio-image\class\class-themehunk-customize-control-radio-image.php:82

actioncustomize_controls_initthemehunk\customizer-scroll\class\class-themehunk-customize-control-scroll.php:15

actioncustomize_preview_initthemehunk\customizer-scroll\class\class-themehunk-customize-control-scroll.php:16

actioncustomize_preview_initthemehunk\customizer-tabs\class\class-themehunk-customize-control-tabs.php:25

actionafter_setup_themethemehunk-customizer.php:36

actionwidgets_initthemehunk-customizer.php:44

actionwidgets_initthemehunk-customizer.php:49

Maintenance & Trust

ThemeHunk Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 21, 2025

PHP min version

Downloads751K

Community Trust

Rating74/100

Number of ratings3

Active installs7K

Alternatives

ThemeHunk Customizer Alternatives

Hunk Companion

hunk-companion

Adds customizer settings and controls to the Gogo Theme.

6K 2 CVEs

Theme Demo Importer and Patterns Library for CozyThemes – Cozy Essential Addons

cozy-essential-addons

100

Cozy Essential Addons is the free WordPress plugin for Custom post type and provides basic skeletal for custom post type list.

7K No CVEs

Organic Builder Widgets – Simple WordPress Page Builder

organic-customizer-widgets

A simple WordPress page builder, Organic Builder Widgets provides a collection of 12 custom widgets to be used in the Customizer as content sections.

4K No CVEs

ThemeFarmer Companion

themefarmer-companion

Advance Extension For ThemeFarmer Theme. enjoy full functionality of ThemeFarmer theme by installing this plugin.

2K No CVEs

Walker Core

walker-core

Walker Core is the companion plugin for WalkerWP Themes, which provides core functionality and custom post type for the themes.

900 1 CVE

Developer Profile

ThemeHunk Customizer Developer Profile

ThemeHunk

49 plugins · 64K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

188 days

View full developer profile

Detection Fingerprints

How We Detect ThemeHunk Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/themehunk-customizer/notify/notify.css/wp-content/plugins/themehunk-customizer/themehunk/customizer-font-selector/css/font-selector.css/wp-content/plugins/themehunk-customizer/themehunk/customizer-font-selector/css/font-selector-frontend.css/wp-content/plugins/themehunk-customizer/themehunk/customizer-range-value/css/range-value.css/wp-content/plugins/themehunk-customizer/themehunk/color-picker/css/color-picker.css/wp-content/plugins/themehunk-customizer/themehunk/customizer-tabs/css/customizer-tabs.css/wp-content/plugins/themehunk-customizer/themehunk/customizer-radio-image/css/radio-image.css/wp-content/plugins/themehunk-customizer/themehunk/customizer-scroll/css/customizer-scroll.css+23 more

Script Paths

/wp-content/plugins/themehunk-customizer/big-store/customizer/js/customizer.js/wp-content/plugins/themehunk-customizer/themehunk/customizer-font-selector/js/font-selector.js/wp-content/plugins/themehunk-customizer/themehunk/customizer-range-value/js/range-value.js/wp-content/plugins/themehunk-customizer/themehunk/color-picker/js/color-picker.js/wp-content/plugins/themehunk-customizer/themehunk/customizer-tabs/js/customizer-tabs.js/wp-content/plugins/themehunk-customizer/themehunk/customizer-radio-image/js/radio-image.js+9 more

Version Parameters

/wp-content/plugins/themehunk-customizer/big-store/customizer/js/customizer.js?ver=/wp-content/plugins/themehunk-customizer/big-store/customizer/customizer.css?ver=

HTML / DOM Fingerprints

CSS Classes

thunk-listthunk-product-imagethunk-product-contentwoocommerce-LoopProduct-titlewoocommerce-loop-product__link

HTML Comments

<!--
//Funtion Category list show
 **********************************************/

Data Attributes

post_class('product',

JS Globals

THEMEHUNK_CUSTOMIZER_PLUGIN_URL

FAQ