VillaTheme Core Security & Risk Analysis

wordpress.org/plugins/villatheme-core

VillaTheme Core is designed to seamlessly support and enhance every theme from VillaTheme.

50 active installs · v1.0.2 · PHP 7.4+ · WP 6.7+ · Updated Jan 5, 2026
Tags: core, import, redux, villatheme
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is VillaTheme Core Safe to Use in 2026?

Generally Safe

Score 100/100

VillaTheme Core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "villatheme-core" plugin v1.0.2 demonstrates a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the meticulous use of prepared statements for all SQL queries are significant strengths. Furthermore, the high percentage of properly escaped output and the presence of nonce and capability checks on all identified AJAX handlers indicate good development practices in handling user input and preventing common web vulnerabilities.

However, a few areas warrant attention. While all AJAX handlers are protected by nonce checks, the plugin exposes 7 AJAX handlers in total, which represents a moderate attack surface. The analysis also shows 2 file operations and 2 total flows analyzed by taint analysis, with no unsanitized paths found. The plugin does not appear to bundle any libraries, which is a positive sign for avoiding known vulnerabilities in third-party code.

Overall, this plugin appears to be developed with security in mind, with a clean vulnerability history and robust implementation of core security measures. The main area for consideration is the number of AJAX endpoints, which, while secured, still represent potential entry points that require ongoing vigilance. The low number of identified flows in taint analysis, combined with no critical or high severity issues, suggests a low immediate risk.

Key Concerns

  • Moderate attack surface with 7 AJAX handlers
  • Presence of file operations
Vulnerabilities
None known

VillaTheme Core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

VillaTheme Core Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 25 (300 escaped)
Nonce Checks: 7
Capability Checks: 2
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

92% escaped · 325 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
villco_load_mega_menu (includes\megamenu\includes\megamenu-settings.php:123)
Attack Surface

VillaTheme Core Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 7

auth · wp_ajax_villco_import_progress · includes\admin\one-click-demo-import.php:14
auth · wp_ajax_villco_get_form_settings · includes\megamenu\includes\megamenu-settings.php:11
auth · wp_ajax_villco_save_all_settings · includes\megamenu\includes\megamenu-settings.php:12
auth · wp_ajax_villco_create_mega_menu · includes\megamenu\includes\megamenu-settings.php:13
auth · wp_ajax_villco_remove_mega_menu · includes\megamenu\includes\megamenu-settings.php:14
auth · wp_ajax_villco_button_settings · includes\megamenu\includes\megamenu-settings.php:15
auth · wp_ajax_villco_load_mega_menu · includes\megamenu\includes\megamenu-settings.php:33

Shortcodes 2

[villco_current_year] includes\frontend\shortcode.php:6
[villco_product_tag_cloud] includes\frontend\shortcode.php:13

WordPress Hooks 36

action · admin_menu · includes\admin\dashboard.php:11
filter · ocdi/plugin_page_setup · includes\admin\one-click-demo-import.php:8
filter · ocdi/import_files · includes\admin\one-click-demo-import.php:9
action · ocdi/before_content_import · includes\admin\one-click-demo-import.php:10
action · ocdi/before_widgets_import · includes\admin\one-click-demo-import.php:11
action · ocdi/after_import · includes\admin\one-click-demo-import.php:12
filter · ocdi/import_successful_buttons · includes\admin\one-click-demo-import.php:13
action · admin_menu · includes\admin\plugins.php:8
action · init · includes\footer-builder\footer-builder.php:10
action · admin_menu · includes\footer-builder\footer-builder.php:11
action · admin_bar_menu · includes\footer-builder\footer-builder.php:13
action · villco_footer_content · includes\footer-builder\footer-builder.php:15
filter · wp_edit_nav_menu_walker · includes\megamenu\includes\megamenu-settings.php:17
filter · wp_nav_menu_args · includes\megamenu\includes\megamenu-settings.php:18
filter · nav_menu_css_class · includes\megamenu\includes\megamenu-settings.php:19
filter · nav_menu_item_title · includes\megamenu\includes\megamenu-settings.php:20
filter · nav_menu_link_attributes · includes\megamenu\includes\megamenu-settings.php:21
filter · walker_nav_menu_start_el · includes\megamenu\includes\megamenu-settings.php:25
action · admin_footer · includes\megamenu\includes\megamenu-settings.php:27
action · init · includes\megamenu\includes\megamenu-settings.php:29
action · admin_menu · includes\megamenu\includes\megamenu-settings.php:30
action · admin_enqueue_scripts · includes\megamenu\megamenu.php:36
action · wp_enqueue_scripts · includes\megamenu\megamenu.php:37
action · save_post · includes\widgets\abstracts-widget.php:56
action · deleted_post · includes\widgets\abstracts-widget.php:57
action · switch_theme · includes\widgets\abstracts-widget.php:58
action · widgets_init · includes\widgets\widget-iconbox.php:198
action · widgets_init · includes\widgets\widget-pofily.php:76
action · widgets_init · includes\widgets\widget-post.php:116
action · widgets_init · includes\widgets\widget-social.php:210
action · init · villatheme-core.php:40
action · plugins_loaded · villatheme-core.php:41
action · after_setup_theme · villatheme-core.php:42
action · upload_mimes · villatheme-core.php:43
filter · script_loader_tag · villatheme-core.php:44
action · admin_enqueue_scripts · villatheme-core.php:45
Maintenance & Trust

VillaTheme Core Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 5, 2026
PHP min version: 7.4
Downloads: 455

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 50
Developer Profile

VillaTheme Core Developer Profile

VillaTheme

58 plugins · 167K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 214 days
Detection Fingerprints

How We Detect VillaTheme Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/villatheme-core/assets/css/backend.css
/wp-content/plugins/villatheme-core/assets/css/font-awesome.min.css
/wp-content/plugins/villatheme-core/assets/js/backend.js
Script Paths
/wp-content/plugins/villatheme-core/assets/js/backend.js
Version Parameters
villatheme-core/assets/css/backend.css?ver=
villatheme-core/assets/css/font-awesome.min.css?ver=
villatheme-core/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
villco-menu-item-wrap
villco-menu-wrapper
Data Attributes
data-villco-menu-settings
JS Globals
villco_ajax_backend
FAQ

Frequently Asked Questions about VillaTheme Core