WP Theme ShapeShifter Extensions Security & Risk Analysis

wordpress.org/plugins/wp-theme-shapeshifter-extensions

Extensional Functionalities for WP Theme ShapeShifter.

10 active installs · v1.2.7 · PHP + WP 4.0.1+ · Updated Unknown
Tags: extensions, settings, shapeshifter, theme
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Theme ShapeShifter Extensions Safe to Use in 2026?

Generally Safe

Score 100/100

WP Theme ShapeShifter Extensions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wp-theme-shapeshifter-extensions" v1.2.7 plugin exhibits a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and properly escapes a high percentage of its outputs. The numerous nonce and capability checks (21 each) are also encouraging and suggest an awareness of common WordPress security mechanisms. The plugin has no recorded vulnerabilities, which further supports the impression of a relatively secure plugin.

However, significant concerns arise from the attack surface. With 22 total entry points, 14 of which lack authentication checks, the plugin presents a substantial area for potential exploitation. The presence of 11 unsanitized paths in the taint analysis, even without critical or high severity issues, indicates a risk of insecure handling of user-provided data that could lead to vulnerabilities if combined with other factors. The use of `create_function`, a deprecated and often insecure PHP function, is another red flag. The large number of unprotected AJAX handlers is particularly worrying as these can be directly accessed by unauthenticated users.

In conclusion, while the plugin has a clean vulnerability history and some strong internal security practices, the large, unprotected attack surface and the presence of unsanitized data flows are significant weaknesses. The use of `create_function` adds another layer of concern. These factors necessitate careful monitoring and potential mitigation strategies to address the identified risks.

Key Concerns

  • Large attack surface without auth checks
  • Flows with unsanitized paths
  • Dangerous function: create_function
  • AJAX handlers without auth checks
Vulnerabilities
None known

WP Theme ShapeShifter Extensions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Theme ShapeShifter Extensions Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 333 (2510 escaped)
Nonce Checks: 21
Capability Checks: 21
File Operations: 3
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

create_function
add_action( 'widgets_init', create_function( '', 'return register_widget( "' . $widget_class_name .
includes\widget\class-sse-widget-manager.php:127

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

88% escaped · 2843 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

16 flows · 11 with unsanitized paths
print_table_row (includes\admin\metabox\class-sse-metabox-subcontents.php:178)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
14 unprotected

WP Theme ShapeShifter Extensions Attack Surface

Entry Points: 22
Unprotected: 14

AJAX Handlers 20

auth wp_ajax_shapeshifter_save_google_fonts_api_key includes\admin\admin-page\class-sse-page-custom-font-settings.php:89
nopriv wp_ajax_shapeshifter_save_google_fonts_api_key includes\admin\admin-page\class-sse-page-custom-font-settings.php:90
auth wp_ajax_shapeshifter_print_google_fonts_list includes\admin\admin-page\class-sse-page-custom-font-settings.php:92
nopriv wp_ajax_shapeshifter_print_google_fonts_list includes\admin\admin-page\class-sse-page-custom-font-settings.php:93
auth wp_ajax_shapeshifter_save_applied_google_fonts_list includes\admin\admin-page\class-sse-page-custom-font-settings.php:95
nopriv wp_ajax_shapeshifter_save_applied_google_fonts_list includes\admin\admin-page\class-sse-page-custom-font-settings.php:96
auth wp_ajax_priv_message includes\admin\admin-page\class-sse-page-custom-font-settings.php:98
nopriv wp_ajax_nopriv_message includes\admin\admin-page\class-sse-page-custom-font-settings.php:99
auth wp_ajax_shapeshifter_save_pixabay_save_api_key includes\admin\admin-page\class-sse-page-pixabay-media-fetcher.php:83
auth wp_ajax_shapeshifter_import_pixabay_images includes\admin\admin-page\class-sse-page-pixabay-media-fetcher.php:84
auth wp_ajax_shapeshifter_save_pixabay_image includes\admin\admin-page\class-sse-page-pixabay-media-fetcher.php:85
auth wp_ajax_dismiss_message_for_user_slug includes\admin\class-sse-user-meta-manager.php:78
auth wp_ajax_print_table_row includes\admin\metabox\class-sse-metabox-subcontents.php:123
auth wp_ajax_save_to_output_widget_areas includes\admin\metabox\class-sse-metabox-subcontents.php:124
auth wp_ajax_insert_google_map_from_shapeshifter_button includes\tinymce\class-sse-tinymce-manager.php:55
auth wp_ajax_shapeshifter_get_post_data includes\tinymce\class-sse-tinymce-manager.php:68
auth wp_ajax_get_settings_form_for_each_item includes\widget\class-sse-widget-slide-gallery.php:35
auth wp_ajax_get_settings_form_for_text includes\widget\class-sse-widget-slide-gallery.php:36
auth wp_ajax_get_settings_form_for_textarea includes\widget\class-sse-widget-slide-gallery.php:37
auth wp_ajax_get_settings_form_for_download includes\widget\class-sse-widget-slide-gallery.php:38

Shortcodes 2

[shapeshifter_new_entries] includes\shortcode\class-sse-shortcode-manager.php:27
[shapeshifter_search_entries] includes\shortcode\class-sse-shortcode-manager.php:29

WordPress Hooks 120

action customize_register includes\3rd\customizer\customizer.php:6
action customize_register includes\3rd\nora-custom-theme-customizer-settings\nora-custom-theme-customizer-settings.php:94
action customize_controls_print_footer_scripts includes\3rd\nora-custom-theme-customizer-settings\nora-custom-theme-customizer-settings.php:97
action customize_preview_init includes\3rd\nora-custom-theme-customizer-settings\nora-custom-theme-customizer-settings.php:105
action wp_head includes\3rd\nora-custom-theme-customizer-settings\nora-custom-theme-customizer-settings.php:108
action customize_save_after includes\3rd\nora-custom-theme-customizer-settings\nora-custom-theme-customizer-settings.php:114
action all_admin_notices includes\abstract\class-sse-deprecated-abstract.php:59
action save_post includes\abstract\class-sse-metabox-abstract.php:91
action add_meta_boxes includes\abstract\class-sse-metabox-abstract.php:92
action admin_enqueue_scripts includes\abstract\class-sse-metabox-abstract.php:93
action admin_menu includes\admin\admin-page\class-sse-page-abstract.php:95
action admin_notices includes\admin\admin-page\class-sse-page-abstract.php:96
action admin_enqueue_scripts includes\admin\admin-page\class-sse-page-abstract.php:97
action admin_notices includes\admin\admin-page\class-sse-page-custom-font-settings.php:81
action admin_menu includes\admin\admin-page\class-sse-page-custom-font-settings.php:83
action admin_enqueue_scripts includes\admin\admin-page\class-sse-page-custom-font-settings.php:85
action admin_menu includes\admin\admin-page\class-sse-page-frontend-settings.php:101
action admin_menu includes\admin\admin-page\class-sse-page-frontend-settings.php:102
action admin_print_footer_scripts includes\admin\admin-page\class-sse-page-pixabay-media-fetcher.php:80
action admin_enqueue_scripts includes\admin\class-sse-admin-manager.php:119
action admin_print_footer_scripts includes\admin\class-sse-admin-manager.php:122
filter default_content includes\admin\class-sse-admin-manager.php:125
action wp_dashboard_setup includes\admin\class-sse-dashboard-manager.php:58
action all_admin_notices includes\admin\class-sse-icon-manager.php:57
action admin_menu includes\admin\class-sse-nav-menu-editor.php:34
action sse_nav_menu_item_edit includes\admin\class-sse-nav-menu-editor.php:37
action wp_update_nav_menu_item includes\admin\class-sse-nav-menu-editor.php:38
filter wp_edit_nav_menu_walker includes\admin\class-sse-nav-menu-editor.php:41
action admin_enqueue_scripts includes\admin\class-sse-nav-menu-editor.php:44
action edit_term includes\admin\class-sse-taxonomy-editor.php:54
action admin_init includes\admin\class-sse-user-meta-manager.php:40
action admin_notices includes\admin\class-sse-user-meta-manager.php:62
action admin_notices includes\admin\class-sse-user-meta-manager.php:64
action personal_options_update includes\admin\class-sse-user-meta-manager.php:67
action edit_user_profile_update includes\admin\class-sse-user-meta-manager.php:68
action show_user_profile includes\admin\class-sse-user-meta-manager.php:71
action edit_user_profile includes\admin\class-sse-user-meta-manager.php:72
action admin_enqueue_scripts includes\admin\class-sse-user-meta-manager.php:75
action profile_update includes\admin\class-sse-user-meta-manager.php:238
action add_meta_boxes includes\admin\metabox\class-sse-metabox-subcontents.php:121
action admin_enqueue_scripts includes\admin\metabox\class-sse-metabox-subcontents.php:122
action after_setup_theme includes\class-shapeshifter-extensions.php:449
action shapeshifter_action_include_required_files includes\class-shapeshifter-extensions.php:452
filter shapeshifter_filter_data_registered_css includes\class-shapeshifter-extensions.php:456
action wp_enqueue_scripts includes\class-shapeshifter-extensions.php:458
action admin_enqueue_scripts includes\class-shapeshifter-extensions.php:459
action customize_preview_init includes\class-shapeshifter-extensions.php:460
action customize_controls_print_footer_scripts includes\class-shapeshifter-extensions.php:461
filter wp_title includes\class-shapeshifter-extensions.php:465
filter wp_unique_post_slug includes\class-shapeshifter-extensions.php:468
filter excerpt_length includes\class-shapeshifter-extensions.php:471
filter shapeshifter_filter_excerpt_length includes\class-shapeshifter-extensions.php:472
filter shapeshifter_filter_font_families includes\class-shapeshifter-extensions.php:475
filter shapeshifter_filters_class_post_list_maybe_ajax includes\class-shapeshifter-extensions.php:478
filter shapeshifter_filters_walker_nav_menu_instance includes\class-shapeshifter-extensions.php:481
filter shapeshifter_filter_is_lazylaod_on includes\class-shapeshifter-extensions.php:484
filter shapeshifter_filters_default_theme_mods includes\data\class-sse-theme-mod-manager.php:47
action init includes\feed\class-sse-cpt-feed.php:15
action add_meta_boxes includes\feed\class-sse-cpt-feed.php:18
filter the_content includes\frontend\class-sse-frontend-filter-manager.php:43
filter shapeshifter_filter_widget_entry_thumbnail_image includes\frontend\class-sse-frontend-filter-manager.php:49
filter style_loader_tag includes\frontend\class-sse-frontend-filter-manager.php:53
filter script_loader_tag includes\frontend\class-sse-frontend-filter-manager.php:56
filter shapeshifter_filter_mobile_sidebar includes\frontend\class-sse-frontend-filter-manager.php:60
action pre_get_posts includes\frontend\class-sse-frontend-manager.php:244
action posts_selection includes\frontend\class-sse-frontend-manager.php:247
action wp_enqueue_scripts includes\frontend\class-sse-frontend-manager.php:250
action shapeshifter_frontend_after_define_classes includes\frontend\class-sse-frontend-manager.php:260
action wp_head includes\frontend\class-sse-frontend-manager.php:264
action wp_head includes\frontend\class-sse-frontend-manager.php:266
action wp_head includes\frontend\class-sse-frontend-manager.php:268
action wp_head includes\frontend\class-sse-frontend-manager.php:270
action wp_head includes\frontend\class-sse-frontend-manager.php:272
action wp_head includes\frontend\class-sse-frontend-manager.php:274
action wp_head includes\frontend\class-sse-frontend-manager.php:276
action wp_head includes\frontend\class-sse-frontend-manager.php:278
action wp_head includes\frontend\class-sse-frontend-manager.php:280
action wp_head includes\frontend\class-sse-frontend-manager.php:284
action shapeshifter_body_wrapper_start includes\frontend\class-sse-frontend-manager.php:286
action wp_footer includes\frontend\class-sse-frontend-manager.php:288
action shapeshifter_header_logo includes\frontend\class-sse-frontend-manager.php:291
action shapeshifter_archive_read_later includes\frontend\class-sse-frontend-manager.php:294
action sse_share_buttons includes\frontend\class-sse-frontend-manager.php:295
action sse_share_icons includes\frontend\class-sse-frontend-manager.php:296
action shapeshifter_pagination includes\frontend\class-sse-frontend-manager.php:299
action shapeshifter_post_meta_outputs_in_widget_area_hook includes\frontend\class-sse-frontend-manager.php:302
action wp_footer includes\frontend\class-sse-frontend-manager.php:306
filter shapeshifter_filters_walker_nav_menu_instance includes\frontend\class-sse-frontend-manager.php:309
filter shapeshifter_filter_default_thumbnail_div_tag includes\frontend\class-sse-rendering-manager.php:36
filter shapeshifter_filter_default_thumbnail_img_tag includes\frontend\class-sse-rendering-manager.php:37
filter shapeshifter_filter_post_thumbnail_div_tag includes\frontend\class-sse-rendering-manager.php:38
action init includes\link\class-sse-cpt-link.php:15
action add_meta_boxes includes\link\class-sse-cpt-link.php:18
action all_admin_notices includes\notification\class-sse-notification-manager.php:50
action publish_post includes\page-view-counter\class-shapeshifter-page-view-count.php:51
action publish_page includes\page-view-counter\class-shapeshifter-page-view-count.php:52
action wp_head includes\page-view-counter\class-shapeshifter-page-view-count.php:55
action wp_footer includes\page-view-counter\class-shapeshifter-page-view-count.php:57
action shapeshifter_frontend_after_define_content_area_layout includes\style\class-sse-style-manager.php:59
action customize_register includes\theme-customizer\class-sse-theme-customizer.php:186
action customize_preview_init includes\theme-customizer\class-sse-theme-customizer.php:188
filter shapeshifter_filter_font_families includes\theme-customizer\class-sse-theme-customizer.php:194
action admin_init includes\tinymce\class-sse-tinymce-manager.php:51
action admin_print_scripts includes\tinymce\class-sse-tinymce-manager.php:52
action admin_enqueue_scripts includes\tinymce\class-sse-tinymce-manager.php:58
action customize_save_after includes\tinymce\class-sse-tinymce-manager.php:62
action admin_init includes\tinymce\class-sse-tinymce-manager.php:63
filter mce_external_plugins includes\tinymce\class-sse-tinymce-manager.php:89
filter mce_buttons includes\tinymce\class-sse-tinymce-manager.php:90
action admin_enqueue_scripts includes\widget\class-sse-widget-manager.php:82
filter widget_display_callback includes\widget\class-sse-widget-manager.php:85
filter widget_update_callback includes\widget\class-sse-widget-manager.php:86
action in_widget_form includes\widget\class-sse-widget-manager.php:87
action widgets_init includes\widget\class-sse-widget-manager.php:127
action widgets_init includes\widget\class-sse-widget-manager.php:131
action wp_enqueue_scripts includes\widget\class-sse-widget-slide-gallery.php:32
action widgets_init includes\widget-area\class-sse-widget-area-manager.php:136
action admin_enqueue_scripts includes\widget-area\class-sse-widget-area-manager.php:141
action wp_footer includes\widget-area\class-sse-widget-area-manager.php:145
action shapeshifter_widget_areas includes\widget-area\class-sse-widget-area-manager.php:150
Maintenance & Trust

WP Theme ShapeShifter Extensions Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Unknown
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP Theme ShapeShifter Extensions Developer Profile

Nora

6 plugins · 230 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Theme ShapeShifter Extensions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/css/admin/main.css
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/admin/main.js
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/admin/vendors/bootstrap.min.js
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/admin/vendors/jquery.mCustomScrollbar.concat.min.js
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/frontend/main.js
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/frontend/vendors/jquery.easing.1.3.js
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/frontend/vendors/jquery.validate.min.js
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/frontend/vendors/jquery.waypoints.min.js
+1 more
Generator Patterns
WP Theme ShapeShifter Extensions 1.2.7
Script Paths
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/admin/main.js
/wp-content/plugins/wp-theme-shapeshifter-extensions/assets/js/frontend/main.js
Version Parameters
wp-theme-shapeshifter-extensions/assets/css/admin/main.css?ver=
wp-theme-shapeshifter-extensions/assets/js/admin/main.js?ver=
wp-theme-shapeshifter-extensions/assets/js/admin/vendors/bootstrap.min.js?ver=
wp-theme-shapeshifter-extensions/assets/js/admin/vendors/jquery.mCustomScrollbar.concat.min.js?ver=
wp-theme-shapeshifter-extensions/assets/js/frontend/main.js?ver=
wp-theme-shapeshifter-extensions/assets/js/frontend/vendors/jquery.easing.1.3.js?ver=
wp-theme-shapeshifter-extensions/assets/js/frontend/vendors/jquery.validate.min.js?ver=
wp-theme-shapeshifter-extensions/assets/js/frontend/vendors/jquery.waypoints.min.js?ver=
wp-theme-shapeshifter-extensions/assets/js/frontend/vendors/scrollreveal.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
alpha-color-control
multi-color-picker-triggers
Data Attributes
data-show-opacity
data-palette
data-default-color
JS Globals
alpha-color-picker
multi-color-picker