Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) Security & Risk Analysis

wordpress.org/plugins/twentig

Create your website with starter sites, portfolio features, enhanced Gutenberg blocks & patterns. Boost Twenty Twenty-Five or any block theme.

20K active installs v1.9.7 PHP 7.4+ WP 6.7+ Updated Jan 15, 2026
Tags: gutenberg, gutenberg-blocks, portfolio, templates, website-templates
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) Safe to Use in 2026?

Generally Safe

Score 100/100

Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "twentig" v1.9.7 plugin demonstrates a strong security posture based on the provided static analysis. All identified entry points, including AJAX handlers, REST API routes, and cron events, appear to be protected by appropriate authentication and permission checks. The code also exhibits good practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped outputs, minimizing risks of SQL injection and cross-site scripting (XSS) vulnerabilities. The absence of any recorded vulnerabilities or CVEs in its history further reinforces this positive assessment, suggesting a well-maintained and secure codebase.

However, a minor concern arises from the presence of file operations and external HTTP requests within the plugin's code. While these operations are not explicitly flagged as problematic in this analysis, they represent potential avenues for security exploits if not handled with extreme care. The lack of taint analysis data is also a limitation; while the static analysis points to good practices, a taint analysis would provide a more definitive picture of how data flows are handled and if any unsanitized inputs could lead to vulnerabilities.

Overall, "twentig" v1.9.7 presents as a secure plugin with a solid foundation of security best practices. The developer has implemented critical security measures like nonce and capability checks effectively. The absence of historical vulnerabilities is a significant strength. The minor points of attention, such as file operations and external requests, are areas where continued vigilance would be prudent, but they do not currently indicate immediate high risks.

Key Concerns

  • File operations found
  • External HTTP requests found
  • Taint analysis data not provided
Vulnerabilities
None known

Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (7 prepared)
  • Unescaped Output: 20 (222 escaped)
  • Nonce Checks: 1
  • Capability Checks: 7
  • File Operations: 4
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

100% prepared, 7 total queries

Output Escaping

92% escaped, 242 total outputs
Attack Surface

Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_customize_load_starter_content inc\classic\theme-tools\starters.php:21

REST API Routes 3

GET /wp-json/twentig/v1/update-settings inc\dashboard\class-twentig-settings.php:30
GET /wp-json/twentig/v1/upload-starter-file inc\dashboard\class-twentig-website-importer.php:26
GET /wp-json/twentig/v1/install-wordpress-importer inc\dashboard\class-twentig-website-importer.php:38

WordPress Hooks 207

action init inc\block-patterns.php:35
action init inc\block-patterns.php:89
action init inc\block-styles.php:367
action wp_enqueue_scripts inc\block-themes.php:23
action admin_init inc\block-themes.php:44
action after_setup_theme inc\block-themes.php:57
filter block_type_metadata inc\blocks\columns.php:19
filter render_block_core/cover inc\blocks\cover.php:63
filter render_block_core/details inc\blocks\details.php:43
filter render_block_core/gallery inc\blocks\gallery.php:61
filter render_block_core/navigation inc\blocks\navigation.php:69
filter render_block_core/post-featured-image inc\blocks\post-featured-image.php:58
filter render_block_core/post-template inc\blocks\post-template.php:49
filter render_block_core/post-terms inc\blocks\post-terms.php:33
filter render_block_core/separator inc\blocks\separator.php:51
filter render_block_core/image inc\blocks\shape.php:44
filter render_block_core/cover inc\blocks\shape.php:45
filter render_block_core/post-featured-image inc\blocks\shape.php:46
filter block_editor_settings_all inc\blocks\shape.php:126
filter render_block_core/group inc\blocks\shape.php:182
filter render_block_core/site-logo inc\blocks\site-logo.php:52
action enqueue_block_assets inc\blocks.php:62
action wp_enqueue_scripts inc\blocks.php:98
action init inc\blocks.php:121
action wp_enqueue_scripts inc\blocks.php:141
filter render_block inc\blocks.php:190
action wp_head inc\blocks.php:199
filter document_title_parts inc\classic\theme-tools\404.php:30
filter body_class inc\classic\theme-tools\404.php:37
filter 404_template inc\classic\theme-tools\404.php:48
filter private_title_format inc\classic\theme-tools\404.php:61
filter display_post_states inc\classic\theme-tools\404.php:76
filter theme_page_templates inc\classic\theme-tools\class-twentig-page-templater.php:57
filter wp_insert_post_data inc\classic\theme-tools\class-twentig-page-templater.php:58
filter template_include inc\classic\theme-tools\class-twentig-page-templater.php:59
action init inc\classic\theme-tools\class-twentig-page-templater.php:130
action customize_preview_init inc\classic\theme-tools\class-twentig-starter-loop-posts.php:23
action pre_get_posts inc\classic\theme-tools\class-twentig-starter-loop-posts.php:36
filter posts_where inc\classic\theme-tools\class-twentig-starter-loop-posts.php:37
action customize_register inc\classic\theme-tools\starters.php:23
action after_setup_theme inc\classic\theme-tools\starters.php:31
action delete_fonts_folder inc\classic\theme-tools\wptt-webfont-loader.php:131
action admin_init inc\classic\twentytwenty\block-editor.php:196
action after_setup_theme inc\classic\twentytwenty\block-editor.php:284
filter twentig_block_classes inc\classic\twentytwenty\block-editor.php:347
action init inc\classic\twentytwenty\block-editor.php:389
filter wp_theme_json_data_theme inc\classic\twentytwenty\block-editor.php:414
action customize_register inc\classic\twentytwenty\customizer.php:28
action customize_register inc\classic\twentytwenty\customizer.php:2265
action customize_preview_init inc\classic\twentytwenty\customizer.php:2322
action customize_controls_enqueue_scripts inc\classic\twentytwenty\customizer.php:2364
action customize_controls_print_footer_scripts inc\classic\twentytwenty\customizer.php:2523
filter twentig_starter_websites inc\classic\twentytwenty\customizer.php:2594
filter twentig_font_presets inc\classic\twentytwenty\font.php:1303
action wp_enqueue_scripts inc\classic\twentytwenty\front-style.php:53
filter wp_resource_hints inc\classic\twentytwenty\front-style.php:71
filter post_thumbnail_size inc\classic\twentytwenty\front-style.php:239
filter body_class inc\classic\twentytwenty\front-style.php:304
filter twentytwenty_get_elements_array inc\classic\twentytwenty\front-style.php:692
filter theme_mod_accent_accessible_colors inc\classic\twentytwenty\front-style.php:760
filter theme_mod_twentig_accessible_colors inc\classic\twentytwenty\front-style.php:774
filter twentig_breakpoints inc\classic\twentytwenty\front-style.php:779
filter wpcf7_load_css inc\classic\twentytwenty\plugins.php:40
filter wpcf7_load_js inc\classic\twentytwenty\plugins.php:41
action woocommerce_sidebar inc\classic\twentytwenty\plugins.php:45
action after_setup_theme inc\classic\twentytwenty\plugins.php:48
filter twentig_customizer_css inc\classic\twentytwenty\plugins.php:181
action wp_enqueue_scripts inc\classic\twentytwenty\plugins.php:199
filter excerpt_more inc\classic\twentytwenty\template-tags.php:18
filter get_the_excerpt inc\classic\twentytwenty\template-tags.php:32
filter excerpt_length inc\classic\twentytwenty\template-tags.php:48
filter the_content_more_link inc\classic\twentytwenty\template-tags.php:61
filter the_excerpt inc\classic\twentytwenty\template-tags.php:73
filter the_content inc\classic\twentytwenty\template-tags.php:75
action get_template_part_template-parts/content inc\classic\twentytwenty\template-tags.php:79
filter twentytwenty_show_categories_in_entry_header inc\classic\twentytwenty\template-tags.php:98
filter twentytwenty_post_meta_location_single_top inc\classic\twentytwenty\template-tags.php:123
filter twentytwenty_post_meta_location_single_bottom inc\classic\twentytwenty\template-tags.php:145
filter post_class inc\classic\twentytwenty\template-tags.php:173
filter post_thumbnail_html inc\classic\twentytwenty\template-tags.php:187
filter has_post_thumbnail inc\classic\twentytwenty\template-tags.php:224
filter wp_calculate_image_sizes inc\classic\twentytwenty\template-tags.php:275
filter post_thumbnail_size inc\classic\twentytwenty\template-tags.php:284
action get_template_part_template-parts/featured-image inc\classic\twentytwenty\template-tags.php:293
filter the_excerpt inc\classic\twentytwenty\template-tags.php:300
action get_template_part_template-parts/entry-header inc\classic\twentytwenty\template-tags.php:303
action get_template_part_template-parts/content-cover inc\classic\twentytwenty\template-tags.php:304
filter comments_open inc\classic\twentytwenty\template-tags.php:317
filter get_comments_number inc\classic\twentytwenty\template-tags.php:330
filter get_next_post_excluded_terms inc\classic\twentytwenty\template-tags.php:337
filter get_previous_post_excluded_terms inc\classic\twentytwenty\template-tags.php:338
action get_template_part_template-parts/navigation inc\classic\twentytwenty\template-tags.php:345
action wp_enqueue_scripts inc\classic\twentytwenty\template-tags.php:383
filter render_block inc\classic\twentytwenty\template-tags.php:470
filter get_custom_logo inc\classic\twentytwenty\template-tags.php:520
filter twentytwenty_site_description inc\classic\twentytwenty\template-tags.php:533
filter wp_nav_menu_items inc\classic\twentytwenty\template-tags.php:573
filter has_nav_menu inc\classic\twentytwenty\template-tags.php:581
action get_template_part_template-parts/modal-menu inc\classic\twentytwenty\template-tags.php:584
action init inc\classic\twentytwenty\template-tags.php:605
filter template_include inc\classic\twentytwenty\template-tags.php:618
filter widget_text inc\classic\twentytwenty\template-tags.php:625
action init inc\classic\twentytwenty\template-tags.php:627
filter has_nav_menu inc\classic\twentytwenty\template-tags.php:635
filter has_nav_menu inc\classic\twentytwenty\template-tags.php:640
action get_template_part_template-parts/footer-menus-widgets inc\classic\twentytwenty\template-tags.php:644
action get_footer inc\classic\twentytwenty\template-tags.php:752
filter should_load_separate_core_block_assets inc\classic\twentytwenty\template-tags.php:754
filter twentytwenty_svg_icons_social inc\classic\twentytwenty\template-tags.php:902
filter twentytwenty_social_icons_map inc\classic\twentytwenty\template-tags.php:924
action after_setup_theme inc\classic\twentytwenty\twentytwenty.php:33
action admin_init inc\classic\twentytwentyone\block-editor.php:269
action after_setup_theme inc\classic\twentytwentyone\block-editor.php:354
filter twenty_twenty_one_content_width inc\classic\twentytwentyone\block-editor.php:368
filter twentig_block_classes inc\classic\twentytwentyone\block-editor.php:381
action init inc\classic\twentytwentyone\block-editor.php:434
filter wp_theme_json_data_theme inc\classic\twentytwentyone\block-editor.php:459
filter wp_nav_menu_objects inc\classic\twentytwentyone\class-twentig-nav-menu.php:34
filter walker_nav_menu_start_el inc\classic\twentytwentyone\class-twentig-nav-menu.php:35
filter wp_nav_menu inc\classic\twentytwentyone\class-twentig-nav-menu.php:36
action customize_register inc\classic\twentytwentyone\customizer.php:28
action customize_register inc\classic\twentytwentyone\customizer.php:2612
action customize_preview_init inc\classic\twentytwentyone\customizer.php:2620
action customize_controls_enqueue_scripts inc\classic\twentytwentyone\customizer.php:2669
action customize_controls_print_footer_scripts inc\classic\twentytwentyone\customizer.php:3009
action widgets_init inc\classic\twentytwentyone\customizer.php:3027
filter theme_mod_custom_logo inc\classic\twentytwentyone\customizer.php:3045
filter twentig_starter_websites inc\classic\twentytwentyone\customizer.php:3154
filter twentig_font_presets inc\classic\twentytwentyone\font.php:894
filter excerpt_more inc\classic\twentytwentyone\front-end.php:25
filter excerpt_length inc\classic\twentytwentyone\front-end.php:41
filter the_excerpt inc\classic\twentytwentyone\front-end.php:48
action get_template_part_template-parts/content/content-excerpt inc\classic\twentytwentyone\front-end.php:51
filter the_content inc\classic\twentytwentyone\front-end.php:58
action get_template_part_template-parts/content/content inc\classic\twentytwentyone\front-end.php:61
filter post_class inc\classic\twentytwentyone\front-end.php:86
filter twenty_twenty_one_can_show_post_thumbnail inc\classic\twentytwentyone\front-end.php:117
filter render_block inc\classic\twentytwentyone\front-end.php:183
filter comments_open inc\classic\twentytwentyone\front-end.php:196
filter get_comments_number inc\classic\twentytwentyone\front-end.php:209
filter get_next_post_excluded_terms inc\classic\twentytwentyone\front-end.php:216
filter get_previous_post_excluded_terms inc\classic\twentytwentyone\front-end.php:217
action get_template_part_template-parts/post/author-bio inc\classic\twentytwentyone\front-end.php:220
filter get_the_archive_title_prefix inc\classic\twentytwentyone\front-end.php:244
filter get_custom_logo inc\classic\twentytwentyone\front-end.php:327
filter bloginfo inc\classic\twentytwentyone\front-end.php:341
filter theme_mod_custom_logo inc\classic\twentytwentyone\front-end.php:382
action get_footer inc\classic\twentytwentyone\front-end.php:470
filter should_load_separate_core_block_assets inc\classic\twentytwentyone\front-end.php:472
filter wp_nav_menu_objects inc\classic\twentytwentyone\front-end.php:587
filter widget_text inc\classic\twentytwentyone\front-end.php:593
action init inc\classic\twentytwentyone\front-end.php:595
action wp_footer inc\classic\twentytwentyone\front-end.php:647
action wp_enqueue_scripts inc\classic\twentytwentyone\front-style.php:55
filter wp_resource_hints inc\classic\twentytwentyone\front-style.php:72
filter post_thumbnail_size inc\classic\twentytwentyone\front-style.php:216
filter body_class inc\classic\twentytwentyone\front-style.php:360
filter wp_calculate_image_sizes inc\classic\twentytwentyone\front-style.php:1190
filter twenty_twenty_one_svg_icons_social inc\classic\twentytwentyone\front-style.php:1283
filter twenty_twenty_one_social_icons_map inc\classic\twentytwentyone\front-style.php:1305
filter twentig_spacing_sizes inc\classic\twentytwentyone\front-style.php:1315
filter twentig_breakpoints inc\classic\twentytwentyone\front-style.php:1320
filter wpcf7_load_css inc\classic\twentytwentyone\plugins.php:38
filter wpcf7_load_js inc\classic\twentytwentyone\plugins.php:39
action after_setup_theme inc\classic\twentytwentyone\plugins.php:42
filter twentig_twentyone_custom_css inc\classic\twentytwentyone\plugins.php:200
action wp_enqueue_scripts inc\classic\twentytwentyone\plugins.php:218
action after_setup_theme inc\classic\twentytwentyone\twentytwentyone.php:34
action init inc\compat\block-styles.php:208
filter render_block_core/columns inc\compat\blocks.php:47
filter render_block_core/column inc\compat\blocks.php:75
filter render_block_data inc\compat\blocks.php:98
filter render_block_core/query inc\compat\blocks.php:159
filter render_block_core/gallery inc\compat\blocks.php:195
action wp_enqueue_scripts inc\compat\blocks.php:288
action admin_init inc\compat\blocks.php:307
action after_setup_theme inc\compat\twentytwentyfive.php:63
filter wp_theme_json_data_theme inc\compat\twentytwentyfour.php:42
action after_setup_theme inc\compat\twentytwentyfour.php:104
action wp_enqueue_scripts inc\compat\twentytwentyfour.php:113
action admin_init inc\compat\twentytwentyfour.php:123
filter wp_theme_json_data_theme inc\compat\twentytwentythree.php:35
action wp_enqueue_scripts inc\compat\twentytwentythree.php:68
action wp_enqueue_scripts inc\compat\twentytwentytwo.php:48
action admin_init inc\compat\twentytwentytwo.php:56
filter wp_theme_json_data_theme inc\compat\twentytwentytwo.php:94
filter twentytwentytwo_block_patterns inc\compat\twentytwentytwo.php:101
action init inc\compat\twentytwentytwo.php:104
action admin_menu inc\dashboard\class-twentig-dashboard.php:34
action admin_init inc\dashboard\class-twentig-dashboard.php:35
action admin_enqueue_scripts inc\dashboard\class-twentig-dashboard.php:36
action rest_api_init inc\dashboard\class-twentig-dashboard.php:37
action admin_init inc\dashboard\class-twentig-settings.php:21
action plugins_loaded inc\dashboard\class-twentig-settings.php:22
filter use_widgets_block_editor inc\dashboard\class-twentig-settings.php:136
filter block_editor_settings_all inc\dashboard\class-twentig-settings.php:139
action import_start inc\dashboard\class-twentig-website-importer.php:175
action wp_import_insert_post inc\dashboard\class-twentig-website-importer.php:176
filter wp_import_existing_post inc\dashboard\class-twentig-website-importer.php:177
filter wp_import_post_data_processed inc\dashboard\class-twentig-website-importer.php:178
filter wp_import_term_meta inc\dashboard\class-twentig-website-importer.php:179
action plugins_loaded inc\init.php:48
action import_start inc\twentig_portfolio.php:37
filter manage_portfolio_posts_columns inc\twentig_portfolio.php:45
action manage_portfolio_posts_custom_column inc\twentig_portfolio.php:46
action init inc\twentig_portfolio.php:171
filter default_template_types inc\twentig_portfolio.php:200

Scheduled Events 1

delete_fonts_folder
Maintenance & Trust

Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 15, 2026
PHP min version: 7.4
Downloads: 688K

Community Trust

Rating: 98/100
Number of ratings: 164
Active installs: 20K
Developer Profile

Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns) Developer Profile

Twentig

1 plugin · 20K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Twentig – Toolkit for Block Theme (Starter Sites, Portfolio, Blocks, Patterns)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/twentig/dist/blocks/columns/block.css
  • /wp-content/plugins/twentig/dist/blocks/latest-posts/block.css
  • /wp-content/plugins/twentig/dist/blocks/tw-spacing.css
  • /wp-content/plugins/twentig/dist/blocks/tw-spacing-editor.css
  • /wp-content/plugins/twentig/dist/index.css
Script Paths
  • /wp-content/plugins/twentig/dist/index.js
  • /wp-content/plugins/twentig/dist/js/block-animation.js
Version Parameters
  • twentig/dist/index.asset.php
  • twentig/dist/blocks/tw-spacing.css?ver=
  • twentig/dist/blocks/columns/block.css?ver=
  • twentig/dist/blocks/latest-posts/block.css?ver=
  • twentig/dist/index.css?ver=
  • twentig/dist/js/block-animation.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes
  • tw-sm-hidden
  • tw-md-hidden
  • tw-lg-hidden
  • tw-block-animation
  • tw-animation-
  • tw-duration-
Data Attributes
  • twAnimation
  • twAnimationDuration
  • twAnimationDelay
JS Globals
twentigEditorConfig