Walker Core Security & Risk Analysis

wordpress.org/plugins/walker-core

Walker Core is the companion plugin for WalkerWP Themes, which provides core functionality and custom post types for the themes.

900 active installs · v1.3.18 · PHP 7.3+ · WP 5.9+ · Updated Nov 27, 2025
Tags: faqs, portfolio, slider, teams, testimonial
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 19, 2025
Safety Verdict

Is Walker Core Safe to Use in 2026?

Generally Safe

Score 99/100

Walker Core has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 19, 2025 · Updated 4mo ago
Risk Assessment

The "walker-core" v1.3.18 plugin exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and incorporating nonce and capability checks, there are notable areas of concern. The presence of a single unprotected AJAX handler represents a significant attack vector, as any unauthenticated user could potentially trigger this handler. The static analysis also reveals that only 52% of output is properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities, especially considering its history of XSS-related CVEs.

The plugin's vulnerability history shows one medium-severity CVE, specifically related to improper neutralization of input, which aligns with the observed low output escaping percentage. The fact that this vulnerability is listed as patched is positive, but the pattern suggests a tendency for input sanitization issues. While there are no critical taint flows or dangerous functions identified, the unprotected entry point and the suboptimal output escaping are significant weaknesses that could be exploited. The bundled Freemius library, if outdated, could also introduce further risks, though no specific version issues are detailed here.

In conclusion, "walker-core" v1.3.18 has strengths in its database interaction and basic security checks. However, the critical finding of an unprotected AJAX handler coupled with a moderate rate of unescaped output creates a tangible risk of exploitation. Addressing the unprotected AJAX endpoint and improving output escaping mechanisms should be the priority for enhancing the plugin's security.

Key Concerns

  • Unprotected AJAX handler found
  • Output escaping only 52% proper
  • One medium CVE in history
Vulnerabilities
1

Walker Core Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-67552 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Walker Core <= 1.3.17 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 19, 2025 · Patched in 1.3.18 (22d)
Code Analysis
Analyzed Mar 16, 2026

Walker Core Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 979 (1074 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

Output Escaping

52% escaped · 2053 total outputs
Attack Surface
1 unprotected

Walker Core Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_walker_core_getting_started · includes\class-walker-core.php:166

WordPress Hooks: 61

action · customize_register · admin\customizer\brand-options.php:210
action · customize_register · admin\customizer\faq-options.php:263
action · customize_register · admin\customizer\feature-options.php:324
action · customize_register · admin\customizer\mularx-section-sortable.php:65
action · customize_register · admin\customizer\noticebar-options.php:3
action · customize_register · admin\customizer\portfolio-options.php:264
action · customize_register · admin\customizer\pricing-table.php:191
action · customize_register · admin\customizer\promotion-options.php:83
action · customize_register · admin\customizer\section-reorder-options.php:150
action · customize_register · admin\customizer\team-options.php:312
action · customize_register · admin\customizer\walker-charity-section-order.php:148
action · customize_register · admin\customizer\walker-core-promo-controls.php:24
action · customize_register · admin\customizer\walker-customizer-controls.php:164
action · customize_register · admin\customizer\walkershop-section-sortable.php:68
action · customize_register · admin\customizer.php:249
action · customize_register · admin\customizer.php:296
action · wp_head · admin\functions.php:1356
action · walkermag_after_date · admin\functions.php:1387
action · advanced_import_is_pro_active · admin\functions.php:1390
action · admin_menu · admin\register-menu.php:14
action · admin_menu · admin\register-menu.php:18
action · admin_menu · admin\register-menu.php:20
action · admin_menu · admin\register-menu.php:23
action · admin_menu · admin\register-menu.php:27
action · admin_menu · admin\register-menu.php:32
action · admin_menu · admin\register-menu.php:37
action · admin_menu · admin\register-menu.php:38
action · admin_menu · admin\register-menu.php:39
action · admin_menu · admin\register-menu.php:43
action · admin_menu · admin\register-menu.php:44
action · admin_menu · admin\register-menu.php:45
action · admin_menu · admin\register-menu.php:46
action · admin_init · admin\register-metabox.php:3
action · save_post · admin\register-metabox.php:260
action · init · admin\walker-core-posttype.php:112
action · init · admin\walker-core-posttype.php:153
action · init · admin\walker-core-posttype.php:182
action · widgets_init · admin\walker-widgets.php:11
action · widgets_init · admin\walker-widgets.php:85
action · admin_enqueue_scripts · admin\walker-widgets.php:101
action · widgets_init · admin\walker-widgets.php:358
action · widgets_init · admin\walker-widgets.php:427
action · widgets_init · admin\walker-widgets.php:493
action · widgets_init · admin\walker-widgets.php:600
action · widgets_init · admin\walker-widgets.php:713
action · widgets_init · admin\walker-widgets.php:819
action · widgets_init · admin\walker-widgets.php:957
filter · block_categories_all · blocks\class-walkercoreblock.php:38
action · enqueue_block_editor_assets · blocks\class-walkercoreblock.php:40
action · init · blocks\class-walkercoreblock.php:42
action · init · includes\block-patterns.php:69
action · init · includes\block-patterns.php:232
action · plugins_loaded · includes\class-walker-core.php:156
action · admin_init · includes\class-walker-core.php:163
action · advanced_import_demo_lists · includes\class-walker-core.php:164
action · admin_menu · includes\class-walker-core.php:165
action · admin_enqueue_scripts · includes\class-walker-core.php:180
action · admin_enqueue_scripts · includes\class-walker-core.php:181
action · wp_enqueue_scripts · includes\class-walker-core.php:195
action · wp_enqueue_scripts · includes\class-walker-core.php:196
action · admin_notices · includes\class-walker-core.php:217

Maintenance & Trust

Walker Core Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 27, 2025
PHP min version: 7.3
Downloads: 32K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 900

Developer Profile

Walker Core Developer Profile

WalkerWP

7 plugins · 2K total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 22 days

Detection Fingerprints

How We Detect Walker Core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/walker-core/admin/css/walker-core-admin.css
/wp-content/plugins/walker-core/admin/js/walker-core-admin.js
Script Paths
/wp-content/plugins/walker-core/admin/customizer/walkercore-sortable.js
Version Parameters
walker-core/admin/css/walker-core-admin.css?ver=
walker-core/admin/js/walker-core-admin.js?ver=
walkercore-sortable.js?ver=

HTML / DOM Fingerprints

CSS Classes
walker-core-admin-style
Data Attributes
data-customize-setting-link
JS Globals
window.walker_core_customizer_args
FAQ

Frequently Asked Questions about Walker Core