Woostify Sites Library Security & Risk Analysis

wordpress.org/plugins/woostify-sites-library

A collection of simple, beautiful demo sites for Woostify.

10K active installs · v1.6.2 · PHP 7.0+ · WP 4.4+ · Updated Mar 13, 2026
Tags: demo, one-click-import, theme-demos
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 31, 2024
Safety Verdict

Is Woostify Sites Library Safe to Use in 2026?

Generally Safe

Score 99/100

Woostify Sites Library has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 31, 2024 · Updated 21d ago
Risk Assessment

The 'woostify-sites-library' plugin version 1.6.2 exhibits a mixed security posture. While it demonstrates good practices such as extensive use of prepared statements for SQL queries and proper output escaping, several areas raise concerns. The presence of 4 AJAX handlers without authentication checks represents a direct attack surface that could be exploited for unauthorized actions if these endpoints are sensitive. The taint analysis revealing 7 flows with unsanitized paths, though not classified as critical or high severity in this analysis, suggests potential for unintended data manipulation or injection vulnerabilities if these paths lead to dangerous function calls or external requests. The vulnerability history, with 2 known CVEs including a high and a medium severity vulnerability, points to a pattern of past security weaknesses, even though there are currently no unpatched issues. This historical context, combined with the identified code signals, indicates that while efforts have been made to secure the plugin, vigilance is required.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Historical High severity vulnerability
  • Historical Medium severity vulnerability
Vulnerabilities
2

Woostify Sites Library Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2024: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2023-6279 · high · 8.1 · Missing Authorization

Woostify Sites Library <= 1.4.7 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

Jan 31, 2024 Patched in 1.4.8 (196d)

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.4.4 (699d)
Code Analysis
Analyzed Mar 16, 2026

Woostify Sites Library Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 1 (20 prepared)
Unescaped Output: 84 (477 escaped)
Nonce Checks: 29
Capability Checks: 33
File Operations: 12
External Requests: 7
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $settings = unserialize( $meta_value ); · class-woostify-sites.php:3419
unserialize · $data = unserialize( $raw ); · includes\class-woostify-sites-customizer-importer.php:74
unserialize · $usermeta = unserialize( $usermeta[0] ); //phpcs:ignore · includes\class-woostify-sites-elementor.php:430
unserialize · $usermeta = unserialize( $usermeta[0] ); //phpcs:ignore · includes\class-woostify-sites-elementor.php:1431
unserialize · $meta_value = unserialize( $usermeta[0] ); · includes\class-woostify-sites-elementor.php:1577
unserialize · $usermeta = unserialize( $usermeta[0] ); · includes\class-woostify-sites-elementor.php:1599

SQL Query Safety

95% prepared · 21 total queries

Output Escaping

85% escaped · 561 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

18 flows · 7 with unsanitized paths
form_action_url (appsero\client\src\License.php:778)
Attack Surface
4 unprotected

Woostify Sites Library Attack Surface

Entry Points: 26
Unprotected: 4

AJAX Handlers 26

auth · wp_ajax_woostify_sites_content · class-woostify-sites.php:269
auth · wp_ajax_woostify_site_filter_demo · class-woostify-sites.php:270
auth · wp_ajax_woostify_sites_load_more_demo · class-woostify-sites.php:271
auth · wp_ajax_woostify_sites_get_total_content_import_items · class-woostify-sites.php:273
auth · wp_ajax_woostify_sites_update_selected_import_data_info · class-woostify-sites.php:274
auth · wp_ajax_woostify_sites_plugins · class-woostify-sites.php:275
auth · wp_ajax_woostify_sites_child_theme · class-woostify-sites.php:276
auth · wp_ajax_woostify_sites_activate_license · class-woostify-sites.php:277
auth · wp_ajax_woostify_sites_selected_import_data_info · class-woostify-sites.php:278
auth · wp_ajax_woostify_sites_import_finished · class-woostify-sites.php:279
auth · wp_ajax_woostify_sites_feature_activated · class-woostify-sites.php:284
auth · wp_ajax_woostify_sites_module_action · class-woostify-sites.php:285
auth · wp_ajax_woostify_admin_list_page_demo · includes\admin\class-admin.php:51
nopriv · wp_ajax_woostify_admin_list_page_demo · includes\admin\class-admin.php:52
auth · wp_ajax_woostify_modal_template · includes\class-woostify-sites-elementor.php:207
nopriv · wp_ajax_woostify_modal_template · includes\class-woostify-sites-elementor.php:208
auth · wp_ajax_woostify_get_template · includes\class-woostify-sites-elementor.php:210
auth · wp_ajax_woostify_import_template · includes\class-woostify-sites-elementor.php:211
auth · wp_ajax_woostify_select_demo_type · includes\class-woostify-sites-elementor.php:214
nopriv · wp_ajax_woostify_select_demo_type · includes\class-woostify-sites-elementor.php:215
auth · wp_ajax_woostify_list_child_page · includes\class-woostify-sites-elementor.php:216
nopriv · wp_ajax_woostify_list_child_page · includes\class-woostify-sites-elementor.php:217
auth · wp_ajax_woostify_wishlist_template · includes\class-woostify-sites-elementor.php:218
nopriv · wp_ajax_woostify_wishlist_template · includes\class-woostify-sites-elementor.php:219
auth · wp_ajax_woostify_list_favorite · includes\class-woostify-sites-elementor.php:221
nopriv · wp_ajax_woostify_list_favorite · includes\class-woostify-sites-elementor.php:222
WordPress Hooks 80
action · switch_theme · appsero\client\src\Insights.php:134
action · switch_theme · appsero\client\src\Insights.php:135
action · admin_footer · appsero\client\src\Insights.php:147
action · admin_notices · appsero\client\src\Insights.php:165
action · admin_init · appsero\client\src\Insights.php:168
filter · cron_schedules · appsero\client\src\Insights.php:174
action · admin_menu · appsero\client\src\License.php:222
action · after_switch_theme · appsero\client\src\License.php:769
action · switch_theme · appsero\client\src\License.php:770
filter · pre_set_site_transient_update_plugins · appsero\client\src\Updater.php:42
filter · plugins_api · appsero\client\src\Updater.php:43
filter · pre_set_site_transient_update_themes · appsero\client\src\Updater.php:52
action · init · class-woostify-sites.php:257
action · admin_init · class-woostify-sites.php:258
action · admin_init · class-woostify-sites.php:259
action · admin_init · class-woostify-sites.php:260
action · admin_init · class-woostify-sites.php:261
action · admin_menu · class-woostify-sites.php:262
action · admin_init · class-woostify-sites.php:263
action · admin_init · class-woostify-sites.php:264
action · admin_footer · class-woostify-sites.php:265
filter · tgmpa_load · class-woostify-sites.php:266
action · tgmpa_register · class-woostify-sites.php:267
action · admin_init · class-woostify-sites.php:268
action · init · class-woostify-sites.php:272
filter · pt-importer/new_ajax_request_response_data · class-woostify-sites.php:280
action · import_start · class-woostify-sites.php:281
action · woostify_sites_after_all_import · class-woostify-sites.php:282
action · admin_init · class-woostify-sites.php:283
action · wxr_importer.processed.post · class-woostify-sites.php:286
action · admin_init · class-woostify-sites.php:287
filter · elementor/editor/localize_settings · class-woostify-sites.php:296
action · admin_enqueue_scripts · class-woostify-sites.php:356
filter · woostify_sites_import_files · demos\demos.php:1139
filter · query_vars · demos\demos.php:1147
action · rest_api_init · demos\demos.php:3854
action · template_redirect · demos\demos.php:3880
action · init · includes\class-tgm-plugin-activation.php:268
filter · load_textdomain_mofile · includes\class-tgm-plugin-activation.php:269
action · init · includes\class-tgm-plugin-activation.php:272
action · admin_menu · includes\class-tgm-plugin-activation.php:421
action · admin_head · includes\class-tgm-plugin-activation.php:422
filter · install_plugin_complete_actions · includes\class-tgm-plugin-activation.php:425
filter · update_plugin_complete_actions · includes\class-tgm-plugin-activation.php:426
action · admin_notices · includes\class-tgm-plugin-activation.php:429
action · admin_init · includes\class-tgm-plugin-activation.php:430
action · admin_enqueue_scripts · includes\class-tgm-plugin-activation.php:431
action · load-plugins.php · includes\class-tgm-plugin-activation.php:436
action · switch_theme · includes\class-tgm-plugin-activation.php:439
action · switch_theme · includes\class-tgm-plugin-activation.php:442
action · admin_init · includes\class-tgm-plugin-activation.php:447
action · switch_theme · includes\class-tgm-plugin-activation.php:452
action · load_textdomain_mofile · includes\class-tgm-plugin-activation.php:475
filter · upgrader_source_selection · includes\class-tgm-plugin-activation.php:889
action · plugins_loaded · includes\class-tgm-plugin-activation.php:2112
filter · tgmpa_table_data_items · includes\class-tgm-plugin-activation.php:2236
filter · upgrader_source_selection · includes\class-tgm-plugin-activation.php:2977
action · admin_init · includes\class-tgm-plugin-activation.php:3147
action · upgrader_process_complete · includes\class-tgm-plugin-activation.php:3242
filter · upgrader_post_install · includes\class-tgm-plugin-activation.php:3301
filter · upgrader_post_install · includes\class-tgm-plugin-activation.php:3446
action · elementor/editor/footer · includes\class-woostify-sites-elementor.php:205
action · elementor/editor/footer · includes\class-woostify-sites-elementor.php:206
action · elementor/editor/wp_head · includes\class-woostify-sites-elementor.php:209
action · rest_api_init · includes\class-woostify-sites-elementor.php:212
action · template_redirect · includes\class-woostify-sites-elementor.php:213
action · merlin_widget_settings_array · includes\class-woostify-sites-hooks.php:18
action · import_start · includes\class-woostify-sites-hooks.php:19
filter · intermediate_image_sizes_advanced · includes\class-woostify-sites-hooks.php:64
filter · bulk_actions-toplevel_page_wpcf7 · includes\ctf7\class-import-export.php:51
filter · handle_bulk_actions-toplevel_page_wpcf7 · includes\ctf7\class-import-export.php:52
filter · handle_bulk_actions-edit-wpcf7_contact_form · includes\ctf7\class-import-export.php:53
action · load-toplevel_page_wpcf7 · includes\ctf7\class-import-export.php:54
action · admin_notices · includes\ctf7\class-import-export.php:55
filter · bulk_actions-edit-post · includes\ctf7\class-import-export.php:57
filter · handle_bulk_actions-edit-post · includes\ctf7\class-import-export.php:58
action · admin_menu · includes\ctf7\class-import-export.php:59
action · tgmpa_register · includes\tgm-plugin-activation.php:35
action · plugins_loaded · woostify-sites.php:48
action · init · woostify-sites.php:70
Maintenance & Trust

Woostify Sites Library Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.0
Downloads: 359K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10K
Developer Profile

Woostify Sites Library Developer Profile

Dylan Ngo - Woostify

3 plugins · 59K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 366 days
Detection Fingerprints

How We Detect Woostify Sites Library

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woostify-sites-library/assets/css/style.css
/wp-content/plugins/woostify-sites-library/assets/js/backend.js
/wp-content/plugins/woostify-sites-library/assets/js/frontend.js
/wp-content/plugins/woostify-sites-library/vendor/vendor/magefan/module-redirect/view/frontend/web/js/redirect.js
Script Paths
/wp-content/plugins/woostify-sites-library/assets/js/backend.js
/wp-content/plugins/woostify-sites-library/assets/js/frontend.js
Version Parameters
woostify-sites-library/assets/css/style.css?ver=
woostify-sites-library/assets/js/backend.js?ver=
woostify-sites-library/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
woostify-sites-library-logo
HTML Comments
Better WordPress Theme Onboarding
Data Attributes
data-woostify-sites-library
JS Globals
woostify_sites_params
WoostifySites
REST Endpoints
/wp-json/woostify-sites-library/v1/import
FAQ

Frequently Asked Questions about Woostify Sites Library