Customizer Field EndPoint Security & Risk Analysis

wordpress.org/plugins/wp-rest-theme-mod-endpoint

Add theme mod EndPoint to WP-REST API V2.

10 active installs v1.0.0 PHP + WP 3.0.1+ Updated Aug 2, 2016
customizer-endpointwp-rest
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Customizer Field EndPoint Safe to Use in 2026?

Generally Safe

Score 85/100

Customizer Field EndPoint has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The plugin "wp-rest-theme-mod-endpoint" v1.0.0 exhibits a concerning security posture primarily due to a significant unauthenticated entry point. The static analysis reveals a single REST API route that lacks a permission callback, meaning any user, including unauthenticated ones, can potentially interact with it. While the code demonstrates good practices by utilizing prepared statements for all SQL queries, properly escaping all outputs, and avoiding dangerous functions, file operations, external requests, and bundled libraries, this single unprotected REST API route represents a critical weakness. The absence of any known vulnerabilities in its history might suggest it hasn't been a target or has flown under the radar, but this does not negate the inherent risk of an unprotected endpoint. The strengths lie in its clean code structure regarding data handling and output, but the lack of access control on its sole entry point severely undermines its overall security.

Key Concerns

  • Unprotected REST API route
  • No capability checks on REST API
  • No nonce checks
Vulnerabilities
None known

Customizer Field EndPoint Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Customizer Field EndPoint Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Customizer Field EndPoint Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface
1 unprotected

Customizer Field EndPoint Attack Surface

Entry Points1
Unprotected1

REST API Routes 1

GET/wp-json/themes/v1/customizer-fields/admin/class-customizer-end-point-admin.php:104
WordPress Hooks 6
actionplugins_loadedincludes/class-customizer-end-point.php:139
actionadmin_enqueue_scriptsincludes/class-customizer-end-point.php:154
actionadmin_enqueue_scriptsincludes/class-customizer-end-point.php:155
actionrest_api_initincludes/class-customizer-end-point.php:156
actionwp_enqueue_scriptsincludes/class-customizer-end-point.php:171
actionwp_enqueue_scriptsincludes/class-customizer-end-point.php:172
Maintenance & Trust

Customizer Field EndPoint Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2
Last updatedAug 2, 2016
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Customizer Field EndPoint Developer Profile

vishalbasnet23

2 plugins · 30 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Customizer Field EndPoint

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/customizer-end-point/css/customizer-end-point-admin.css/wp-content/plugins/customizer-end-point/js/customizer-end-point-admin.js
Script Paths
/wp-content/plugins/customizer-end-point/js/customizer-end-point-admin.js
Version Parameters
customizer-end-point/css/customizer-end-point-admin.css?ver=customizer-end-point/js/customizer-end-point-admin.js?ver=

HTML / DOM Fingerprints

REST Endpoints
/wp-json/themes/v1/customizer-fields/
FAQ

Frequently Asked Questions about Customizer Field EndPoint