WP-Safety

ThemeZee Toolkit Security & Risk Analysis

wordpress.org/plugins/themezee-toolkit

A collection of useful small plugins and features, neatly bundled into a single plugin.

6K active installs v1.3 PHP 5.6+ WP 4.7+ Updated Jun 6, 2021
infinite-scrollthemezeetoolkitwidget-logicwidget-visibility
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ThemeZee Toolkit Safe to Use in 2026?

Generally Safe

Score 85/100

ThemeZee Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "themezee-toolkit" v1.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerabilities or CVEs. This suggests a generally well-maintained codebase concerning database interactions and past security issues.

However, significant concerns arise from the static analysis. The plugin has two unprotected AJAX entry points, which represent a notable attack surface that lacks proper authentication checks. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential vulnerabilities where untrusted input could lead to unexpected behavior or security risks, although no critical or high severity issues were identified in this area. The lack of nonce checks on these AJAX handlers is a direct concern, as it makes them susceptible to Cross-Site Request Forgery (CSRF) attacks.

While the absence of past vulnerabilities is encouraging, it doesn't negate the immediate risks identified in the current code. The plugin's strength lies in its database hygiene and lack of historical security flaws. The primary weaknesses are the unprotected AJAX endpoints and the identified unsanitized paths, which require immediate attention to mitigate potential exploits.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Missing nonce checks on AJAX
  • Low output escaping percentage
Vulnerabilities
None known

ThemeZee Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ThemeZee Toolkit Release Timeline

v1.3Current
v1.2
Code Analysis
Analyzed Mar 16, 2026

ThemeZee Toolkit Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
24
53 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

69% escaped77 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
display_plugins_page (includes\admin\class-themezee-plugins-page.php:54)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

ThemeZee Toolkit Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_widget_conditions_optionsincludes\modules\class-tztk-widget-visibility.php:30
authwp_ajax_widget_conditions_has_childrenincludes\modules\class-tztk-widget-visibility.php:31
WordPress Hooks 33
actionadmin_menuincludes\admin\class-themezee-plugins-page.php:27
actionadmin_enqueue_scriptsincludes\admin\class-themezee-plugins-page.php:30
actionpre_get_postsincludes\modules\class-tztk-infinite-scroll.php:31
actionadmin_initincludes\modules\class-tztk-infinite-scroll.php:33
actiontemplate_redirectincludes\modules\class-tztk-infinite-scroll.php:34
actiontemplate_redirectincludes\modules\class-tztk-infinite-scroll.php:35
actioncustom_ajax_infinite_scrollincludes\modules\class-tztk-infinite-scroll.php:36
filterinfinite_scroll_query_argsincludes\modules\class-tztk-infinite-scroll.php:37
filterinfinite_scroll_allowed_varsincludes\modules\class-tztk-infinite-scroll.php:38
actionthe_postincludes\modules\class-tztk-infinite-scroll.php:39
actionwp_footerincludes\modules\class-tztk-infinite-scroll.php:40
filtergrunion_contact_form_redirect_urlincludes\modules\class-tztk-infinite-scroll.php:43
actioninfinite_scroll_renderincludes\modules\class-tztk-infinite-scroll.php:121
filterbody_classincludes\modules\class-tztk-infinite-scroll.php:379
actionwp_enqueue_scriptsincludes\modules\class-tztk-infinite-scroll.php:387
actionwp_footerincludes\modules\class-tztk-infinite-scroll.php:389
actionwp_footerincludes\modules\class-tztk-infinite-scroll.php:391
filterinfinite_scroll_resultsincludes\modules\class-tztk-infinite-scroll.php:393
filterposts_whereincludes\modules\class-tztk-infinite-scroll.php:1181
actioninfinite_scroll_renderincludes\modules\class-tztk-infinite-scroll.php:1213
actioninitincludes\modules\class-tztk-infinite-scroll.php:1516
actionsidebar_admin_setupincludes\modules\class-tztk-widget-visibility.php:27
filterwidget_update_callbackincludes\modules\class-tztk-widget-visibility.php:28
actionin_widget_formincludes\modules\class-tztk-widget-visibility.php:29
filterwidget_display_callbackincludes\modules\class-tztk-widget-visibility.php:35
filtersidebars_widgetsincludes\modules\class-tztk-widget-visibility.php:36
actiontemplate_redirectincludes\modules\class-tztk-widget-visibility.php:37
filterthemezee_plugins_settings_tabsincludes\settings\class-tztk-settings-page.php:27
actionthemezee_plugins_page_toolkitincludes\settings\class-tztk-settings-page.php:30
actionadmin_initincludes\settings\class-tztk-settings.php:53
actionplugins_loadedthemezee-toolkit.php:48
actioninitthemezee-toolkit.php:110
actionthemezee_plugins_overview_pagethemezee-toolkit.php:116
Maintenance & Trust

ThemeZee Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedJun 6, 2021
PHP min version5.6
Downloads148K

Community Trust

Rating100/100
Number of ratings1
Active installs6K
Alternatives

ThemeZee Toolkit Alternatives

Kirki Customizer Framework

Kirki Customizer Framework

kirki

A
100

The Ultimate Customizer Framework for WordPress Theme Developers

500K No CVEs
Ajax Load More – Infinite Scroll, Load More, & Lazy Load

Ajax Load More – Infinite Scroll, Load More, & Lazy Load

ajax-load-more

B
82

Add infinite scroll, lazy loading, and load more buttons to posts, pages, and WooCommerce products — fast and fully customizable for WordPress.

40K 17 CVEs
BlossomThemes Toolkit

BlossomThemes Toolkit

blossomthemes-toolkit

A
100

BlossomThemes Toolkit provides you necessary widgets for better and effective blogging.

30K No CVEs
Load More Products for WooCommerce

Load More Products for WooCommerce

load-more-products-for-woocommerce

A
100

Load products from next page via AJAX with infinite scrolling or load more products button

20K No CVEs
Catch Infinite Scroll

Catch Infinite Scroll

catch-infinite-scroll

A
100

Catch Infinite Scroll is a WordPress plugin that allows you to add the magic of infinite scrolling with several customization options on your website …

10K No CVEs
Developer Profile

ThemeZee Toolkit Developer Profile

ThemeZee

18 plugins · 61K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ThemeZee Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/themezee-toolkit/assets/css/admin-backend.css/wp-content/plugins/themezee-toolkit/assets/js/admin-backend.js
Script Paths
/wp-content/plugins/themezee-toolkit/assets/js/admin-backend.js
Version Parameters
themezee-toolkit/assets/css/admin-backend.css?ver=themezee-toolkit/assets/js/admin-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
themezee-plugins-wrapthemezee-plugins-tab-contentnav-tab-activethemezee-plugins-overview
Data Attributes
data-tab
FAQ

Frequently Asked Questions about ThemeZee Toolkit