ThemeZee Widget Bundle Security & Risk Analysis

wordpress.org/plugins/themezee-widget-bundle

A collection of useful widgets, neatly bundled into a single plugin.

6K active installs · v1.7 · PHP + WP 5.2+ · Updated Dec 20, 2025
recent-posts, social-icons, tab-widget, themezee, widget
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ThemeZee Widget Bundle Safe to Use in 2026?

Generally Safe

Score 100/100

ThemeZee Widget Bundle has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The themezee-widget-bundle plugin version 1.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and having no recorded vulnerabilities or CVEs. This suggests a generally well-maintained codebase regarding common database and known exploit issues. However, the static analysis reveals a significant concern with its attack surface.

The plugin exposes two AJAX handlers, both of which lack authentication checks. This is a critical oversight, as it allows unauthenticated users to trigger functionality within the plugin, potentially leading to unauthorized actions or information disclosure. While the taint analysis found no unsanitized paths or critical/high severity flows, the unauthenticated AJAX endpoints represent a direct avenue for potential exploitation if any unintended functionality is exposed.

Despite the absence of historical vulnerabilities, the lack of authentication on AJAX endpoints presents a clear and present risk. The plugin's strengths lie in its SQL handling and lack of known exploits, but this is overshadowed by the critical exposure of its entry points. A balanced conclusion would be that while the plugin appears to be free of historical vulnerabilities and handles database interactions securely, the critical flaw in its unauthenticated AJAX handlers significantly elevates its risk profile.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
Vulnerabilities
None known

ThemeZee Widget Bundle Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ThemeZee Widget Bundle Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 124 (110 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

47% escaped · 234 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
display_plugins_page (includes\admin\class-themezee-plugins-page.php:58)
Attack Surface
2 unprotected

ThemeZee Widget Bundle Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth · wp_ajax_widget_conditions_options · includes\modules\class-tzwb-widget-visibility.php:34
auth · wp_ajax_widget_conditions_has_children · includes\modules\class-tzwb-widget-visibility.php:35
WordPress Hooks 38
action · admin_menu · includes\admin\class-themezee-plugins-page.php:31
action · admin_enqueue_scripts · includes\admin\class-themezee-plugins-page.php:34
action · sidebar_admin_setup · includes\modules\class-tzwb-widget-visibility.php:31
filter · widget_update_callback · includes\modules\class-tzwb-widget-visibility.php:32
action · in_widget_form · includes\modules\class-tzwb-widget-visibility.php:33
filter · widget_display_callback · includes\modules\class-tzwb-widget-visibility.php:39
filter · sidebars_widgets · includes\modules\class-tzwb-widget-visibility.php:40
action · template_redirect · includes\modules\class-tzwb-widget-visibility.php:41
filter · themezee_plugins_settings_tabs · includes\settings\class-tzwb-settings-page.php:31
action · themezee_plugins_page_widgets · includes\settings\class-tzwb-settings-page.php:34
action · admin_init · includes\settings\class-tzwb-settings.php:58
action · comment_post · includes\widgets\widget-recent-comments.php:39
action · transition_comment_status · includes\widgets\widget-recent-comments.php:40
action · switch_theme · includes\widgets\widget-recent-comments.php:41
action · save_post · includes\widgets\widget-recent-posts.php:39
action · deleted_post · includes\widgets\widget-recent-posts.php:40
action · switch_theme · includes\widgets\widget-recent-posts.php:41
filter · excerpt_length · includes\widgets\widget-recent-posts.php:171
filter · walker_nav_menu_start_el · includes\widgets\widget-social-icons.php:39
action · wp_update_nav_menu · includes\widgets\widget-social-icons.php:42
action · switch_theme · includes\widgets\widget-social-icons.php:43
action · wp_enqueue_scripts · includes\widgets\widget-tabbed-content.php:39
action · save_post · includes\widgets\widget-tabbed-content.php:43
action · deleted_post · includes\widgets\widget-tabbed-content.php:44
action · switch_theme · includes\widgets\widget-tabbed-content.php:45
action · comment_post · includes\widgets\widget-tabbed-content.php:46
action · transition_comment_status · includes\widgets\widget-tabbed-content.php:47
action · plugins_loaded · themezee-widget-bundle.php:45
filter · gutenberg_use_widgets_block_editor · themezee-widget-bundle.php:54
filter · use_widgets_block_editor · themezee-widget-bundle.php:57
action · admin_notices · themezee-widget-bundle.php:60
action · init · themezee-widget-bundle.php:63
action · init · themezee-widget-bundle.php:130
action · widgets_init · themezee-widget-bundle.php:133
action · wp_enqueue_scripts · themezee-widget-bundle.php:136
action · admin_enqueue_scripts · themezee-widget-bundle.php:139
action · init · themezee-widget-bundle.php:142
action · themezee_plugins_overview_page · themezee-widget-bundle.php:148
Maintenance & Trust

ThemeZee Widget Bundle Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 20, 2025
PHP min version
Downloads: 149K

Community Trust

Rating: 96/100
Number of ratings: 4
Active installs: 6K
Developer Profile

ThemeZee Widget Bundle Developer Profile

ThemeZee

18 plugins · 61K total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ThemeZee Widget Bundle

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/themezee-widget-bundle/assets/css/themezee-widget-bundle.css
/wp-content/plugins/themezee-widget-bundle/assets/css/tzwb-widget-bgcolor.css
Version Parameters
themezee-widget-bundle/assets/css/themezee-widget-bundle.css?ver=
themezee-widget-bundle/assets/css/tzwb-widget-bgcolor.css?ver=

HTML / DOM Fingerprints

CSS Classes
tzwb-recent-comments
tzwb-recent-posts
tzwb-social-icons
tzwb-tabbed-content
tzwb-widget-bgcolor
FAQ

Frequently Asked Questions about ThemeZee Widget Bundle