Toolbelt Security & Risk Analysis

wordpress.org/plugins/wp-toolbelt

Fast, privacy focused, utilities to improve your website. Includes a Markdown block, spam protection, related posts, cookie banner, and more.

300 active installs · v3.6 · PHP + · WP 5.0+ · Updated Jan 30, 2024
Tags: accessibility, privacy, related-posts, social-menu, social-sharing
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Toolbelt Safe to Use in 2026?

Generally Safe

Score 85/100

Toolbelt has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The wp-toolbelt plugin v3.6 has a generally good security posture: 95% of output is escaped, and the scan found no critical or high-severity code signals such as dangerous functions or taint vulnerabilities. The plugin also has no known CVEs. Several findings still warrant attention. Three entry points are unprotected: 2 AJAX handlers and 1 REST API route lack authorization checks, which leaves a significant attack surface. The total number of SQL queries is manageable, but 67% do not use prepared statements, which risks SQL injection if untrusted data reaches them. Only 1 capability check was found, which compounds the risk from the unprotected entry points because it suggests user permissions are not sufficiently validated.

Key Concerns

  • Unprotected REST API routes
  • Unprotected AJAX handlers
  • SQL queries without prepared statements
  • Limited capability checks
Vulnerabilities
None known

Toolbelt Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Toolbelt Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 4 (2 prepared)
  • Unescaped Output: 9 (185 escaped)
  • Nonce Checks: 5
  • Capability Checks: 1
  • File Operations: 3
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

33% prepared · 6 total queries

Output Escaping

95% escaped · 194 total outputs
Attack Surface
3 unprotected

Toolbelt Attack Surface

Entry Points: 6
Unprotected: 3

AJAX Handlers 2

auth · wp_ajax_toolbelt_ajax_spam · modules\contact-form\module-ajax.php:25
auth · wp_ajax_toolbelt_ajax_ham · modules\contact-form\module-ajax.php:45

REST API Routes 1

GET /wp-json/wp-toolbelt/v1/infinite-scroll/(?P<page>\d+) · modules\infinite-scroll\module.php:167

Shortcodes 3

[toolbelt-avatar] modules\avatars\module.php:188
[portfolio] modules\projects\module.php:373
[testimonials] modules\testimonials\module.php:237
WordPress Hooks 168
filter · plugin_action_links · admin\admin.php:55
action · admin_menu · admin\admin.php:119
action · toolbelt_module_settings · admin\updates.php:26
action · upgrader_process_complete · admin\updates.php:27
action · toolbelt_module_settings · admin\updates.php:52
action · upgrader_process_complete · admin\updates.php:53
filter · deactivate_wp-toolbelt · admin\updates.php:93
filter · wp_print_styles · index.php:60
filter · admin_head · index.php:61
filter · block_categories_all · index.php:637
filter · body_class · index.php:715
action · admin_head · modules\admin-tweaks\module.php:23
action · customize_controls_print_styles · modules\admin-tweaks\module.php:24
filter · pre_get_avatar · modules\avatars\module.php:44
action · wp_print_styles · modules\avatars\module.php:60
action · admin_head · modules\avatars\module.php:61
action · wp_footer · modules\avatars\module.php:93
action · admin_footer · modules\avatars\module.php:94
action · init · modules\breadcrumbs\module.php:434
action · admin_head · modules\breadcrumbs\module.php:458
action · wp_print_styles · modules\breadcrumbs\module.php:474
filter · the_generator · modules\cleanup\module.php:31
filter · show_recent_comments_widget_style · modules\cleanup\module.php:51
filter · tiny_mce_plugins · modules\cleanup\module.php:60
filter · emoji_svg_url · modules\cleanup\module.php:77
filter · xmlrpc_methods · modules\cleanup\module.php:79
filter · heartbeat_settings · modules\cleanup\module.php:92
action · pre_ping · modules\cleanup\module.php:103
action · wp_print_styles · modules\cleanup\module.php:116
action · wp_default_scripts · modules\cleanup\module.php:127
action · wp_enqueue_scripts · modules\cleanup\module.php:140
filter · jetpack_tools_to_include · modules\cleanup\module.php:148
filter · jetpack_just_in_time_msgs · modules\cleanup\module.php:164
filter · jetpack_psh_active · modules\cleanup\module.php:171
action · wp_print_scripts · modules\cleanup\module.php:175
action · init · modules\contact-form\module-admin.php:168
action · wp_print_styles · modules\contact-form\module-admin.php:354
action · wp_footer · modules\contact-form\module-admin.php:370
filter · rest_api_allowed_post_types · modules\contact-form\module-cpt.php:54
action · manage_feedback_posts_columns · modules\contact-form\module-cpt.php:138
action · manage_posts_custom_column · modules\contact-form\module-cpt.php:208
filter · post_row_actions · modules\contact-form\module-cpt.php:267
action · admin_enqueue_scripts · modules\contact-form\module-cpt.php:287
action · toolbelt_cron_daily · modules\contact-form\module-cron.php:29
action · admin_head · modules\contact-form\module-fields.php:339
action · wp_footer · modules\contact-form\module-fields.php:474
action · init · modules\contact-form\module-submit-form.php:172
filter · toolbelt_contact_form_subject · modules\contact-form\module-submit-form.php:203
action · send_headers · modules\content-security-policy\module.php:98
filter · wp_footer · modules\cookie-banner\module.php:45
filter · get_comment_author_link · modules\disable-comment-urls\module.php:23
filter · comment_form_default_fields · modules\disable-comment-urls\module.php:39
action · toolbelt_module_tools · modules\disable-comment-urls\tools.php:43
action · toolbelt_tool_actions · modules\disable-comment-urls\tools.php:65
filter · rest_authentication_errors · modules\disable-rest-api\module.php:34
action · customize_register · modules\enable-customizer\module.php:23
action · wp · modules\fast-404\module.php:70
filter · post_thumbnail_html · modules\featured-attachment\module.php:51
filter · the_content · modules\footnotes\module.php:182
filter · post_thumbnail_html · modules\get-image\module.php:129
action · init · modules\gist\module.php:56
action · admin_head · modules\gist\module.php:70
filter · the_content · modules\heading-anchors\module.php:67
filter · wp_footer · modules\infinite-scroll\module.php:48
filter · wp_head · modules\infinite-scroll\module.php:69
filter · navigation_markup_template · modules\infinite-scroll\module.php:83
filter · body_class · modules\infinite-scroll\module.php:84
action · wp · modules\infinite-scroll\module.php:88
action · rest_api_init · modules\infinite-scroll\module.php:179
action · infinite_scroll_render · modules\infinite-scroll\module.php:280
filter · jetpack_offline_mode · modules\jetpack-dev-mode\module.php:8
action · enqueue_block_editor_assets · modules\layout-grid\module.php:37
action · admin_head · modules\layout-grid\module.php:51
filter · wp_head · modules\layout-grid\module.php:83
filter · the_content · modules\lazy-load\module.php:61
filter · the_content · modules\lazy-load\module.php:62
filter · get_avatar · modules\lazy-load\module.php:63
action · init · modules\markdown\module.php:53
action · wp_head · modules\monetization\module.php:37
action · toolbelt_module_settings_fields · modules\monetization\settings.php:48
filter · toolbelt_save_settings · modules\monetization\settings.php:64
action · init · modules\post-category\module.php:82
action · admin_head · modules\post-category\module.php:406
action · wp_print_styles · modules\post-category\module.php:425
filter · the_content · modules\private-embeds\module.php:20
filter · embed_oembed_html · modules\private-embeds\module.php:96
filter · wp_footer · modules\private-embeds\module.php:110
action · init · modules\projects\module.php:150
filter · toolbelt_related_post_types · modules\projects\module.php:166
filter · toolbelt_social_sharing_post_types · modules\projects\module.php:182
action · admin_enqueue_scripts · modules\projects\module.php:271
action · wp_print_styles · modules\projects\module.php:560
action · admin_head · modules\projects\module.php:576
action · init · modules\projects\module.php:663
action · toolbelt_module_tools · modules\projects\tools.php:46
action · toolbelt_tool_actions · modules\projects\tools.php:133
action · template_redirect · modules\random-redirect\module.php:64
filter · the_content · modules\related-posts\module.php:60
action · wp_print_styles · modules\related-posts\module.php:131
action · admin_head · modules\related-posts\module.php:147
action · init · modules\related-posts\module.php:390
action · toolbelt_module_tools · modules\related-posts\tools.php:37
action · toolbelt_tool_actions · modules\related-posts\tools.php:59
filter · get_comment_author_IP · modules\remove-ips\module.php:22
filter · pre_comment_user_ip · modules\remove-ips\module.php:27
filter · wp_video_shortcode · modules\responsive-videos\module.php:25
filter · video_embed_html · modules\responsive-videos\module.php:26
filter · embed_oembed_html · modules\responsive-videos\module.php:29
filter · embed_handler_html · modules\responsive-videos\module.php:30
filter · bp_embed_oembed_html · modules\responsive-videos\module.php:33
filter · toolbelt_slideshare_shortcode · modules\responsive-videos\module.php:36
filter · wp_head · modules\responsive-videos\module.php:38
filter · render_block · modules\responsive-videos\module.php:42
action · after_setup_theme · modules\responsive-videos\module.php:47
action · template_redirect · modules\search-redirect\module.php:65
action · init · modules\sitemap\module.php:63
action · init · modules\slider\module.php:45
action · admin_head · modules\slider\module.php:59
filter · wp_head · modules\slider\module.php:75
filter · walker_nav_menu_start_el · modules\social-menu\module.php:162
filter · the_content · modules\social-sharing\module.php:155
action · wp_footer · modules\social-sharing\module.php:170
filter · option_toolbelt_settings · modules\social-sharing\module.php:381
action · toolbelt_module_settings_fields · modules\social-sharing\settings.php:84
filter · toolbelt_save_settings · modules\social-sharing\settings.php:103
action · toolbelt_cron_weekly · modules\spam-blocker\module-cron.php:38
action · wp_footer · modules\spam-blocker\module.php:46
filter · comment_form_default_fields · modules\spam-blocker\module.php:79
filter · pre_comment_approved · modules\spam-blocker\module.php:147
filter · jetpack_contact_form_is_spam · modules\spam-blocker\module.php:175
filter · gform_entry_is_spam · modules\spam-blocker\module.php:178
filter · toolbelt_contact_form_spam · modules\spam-blocker\module.php:181
filter · toolbelt_contact_form_spam_content · modules\spam-blocker\module.php:239
filter · option_blacklist_keys · modules\spam-blocker\module.php:285
filter · option_disallowed_keys · modules\spam-blocker\module.php:286
action · init · modules\star-rating\module.php:74
action · admin_head · modules\star-rating\module.php:88
action · wp_print_styles · modules\star-rating\module.php:106
action · admin_bar_menu · modules\stats\module.php:122
action · wp_footer · modules\stats\provider-fathom.php:65
filter · wp_resource_hints · modules\stats\provider-fathom.php:85
action · wp_footer · modules\stats\provider-plausible.php:46
filter · wp_resource_hints · modules\stats\provider-plausible.php:66
action · wp_footer · modules\stats\provider-simple-analytics.php:34
filter · wp_resource_hints · modules\stats\provider-simple-analytics.php:55
action · toolbelt_module_settings_fields · modules\stats\settings.php:106
filter · toolbelt_save_settings · modules\stats\settings.php:125
action · init · modules\testimonials\module.php:89
filter · toolbelt_social_sharing_post_types · modules\testimonials\module.php:105
filter · enter_title_here · modules\testimonials\module.php:149
filter · toolbelt_testimonial_content · modules\testimonials\module.php:305
filter · toolbelt_testimonial_content · modules\testimonials\module.php:306
filter · toolbelt_testimonial_content · modules\testimonials\module.php:307
filter · toolbelt_testimonial_content · modules\testimonials\module.php:308
action · wp_print_styles · modules\testimonials\module.php:332
action · admin_head · modules\testimonials\module.php:348
action · init · modules\testimonials\module.php:408
action · toolbelt_module_tools · modules\testimonials\tools.php:46
action · toolbelt_tool_actions · modules\testimonials\tools.php:104
filter · admin_head · modules\tidy-notifications\module.php:24
filter · admin_footer · modules\tidy-notifications\module.php:42
action · admin_bar_menu · modules\tidy-notifications\module.php:76
filter · in_widget_form · modules\widget-display\module-admin.php:46
filter · widget_update_callback · modules\widget-display\module-admin.php:66
filter · sidebars_widgets · modules\widget-display\module-frontend.php:54
action · dynamic_sidebar · modules\widget-display\module-frontend.php:64
action · customize_preview_init · modules\widget-display\module-frontend.php:68
filter · the_title · modules\widows\module.php:41
Maintenance & Trust

Toolbelt Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.0
Last updated: Jan 30, 2024
PHP min version
Downloads: 17K

Community Trust

Rating: 100/100
Number of ratings: 16
Active installs: 300
Developer Profile

Toolbelt Developer Profile

binarymoon

4 plugins · 10K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Toolbelt

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-toolbelt/modules/admin-tweaks/css/admin-tweaks.css
  • /wp-content/plugins/wp-toolbelt/modules/avatars/js/avatars.js
  • /wp-content/plugins/wp-toolbelt/modules/breadcrumbs/css/breadcrumbs.css
  • /wp-content/plugins/wp-toolbelt/modules/contact-form/css/contact-form.css
  • /wp-content/plugins/wp-toolbelt/modules/contact-form/js/contact-form.js
  • /wp-content/plugins/wp-toolbelt/modules/cookie-banner/css/cookie-banner.css
  • /wp-content/plugins/wp-toolbelt/modules/cookie-banner/js/cookie-banner.js
  • /wp-content/plugins/wp-toolbelt/modules/disable-comment-urls/js/disable-comment-urls.js
  • (+23 more)
Script Paths
  • /wp-content/plugins/wp-toolbelt/modules/avatars/js/avatars.js
  • /wp-content/plugins/wp-toolbelt/modules/contact-form/js/contact-form.js
  • /wp-content/plugins/wp-toolbelt/modules/cookie-banner/js/cookie-banner.js
  • /wp-content/plugins/wp-toolbelt/modules/disable-comment-urls/js/disable-comment-urls.js
  • /wp-content/plugins/wp-toolbelt/modules/gist/js/gist.js
  • /wp-content/plugins/wp-toolbelt/modules/infinite-scroll/js/infinite-scroll.js
  • (+10 more)
Version Parameters
  • wp-toolbelt/modules/admin-tweaks/css/admin-tweaks.css?ver=
  • wp-toolbelt/modules/avatars/js/avatars.js?ver=
  • wp-toolbelt/modules/breadcrumbs/css/breadcrumbs.css?ver=
  • wp-toolbelt/modules/contact-form/css/contact-form.css?ver=
  • wp-toolbelt/modules/contact-form/js/contact-form.js?ver=
  • wp-toolbelt/modules/cookie-banner/css/cookie-banner.css?ver=
  • wp-toolbelt/modules/cookie-banner/js/cookie-banner.js?ver=
  • wp-toolbelt/modules/disable-comment-urls/js/disable-comment-urls.js?ver=
  • wp-toolbelt/modules/footnotes/css/footnotes.css?ver=
  • wp-toolbelt/modules/gist/js/gist.js?ver=
  • wp-toolbelt/modules/heading-anchors/css/heading-anchors.css?ver=
  • wp-toolbelt/modules/infinite-scroll/js/infinite-scroll.js?ver=
  • wp-toolbelt/modules/lazy-load/js/lazy-load.js?ver=
  • wp-toolbelt/modules/maintenance-mode/css/maintenance-mode.css?ver=
  • wp-toolbelt/modules/maintenance-mode/js/maintenance-mode.js?ver=
  • wp-toolbelt/modules/menu-editor/css/menu-editor.css?ver=
  • wp-toolbelt/modules/menu-editor/js/menu-editor.js?ver=
  • wp-toolbelt/modules/no-certain-posts/js/no-certain-posts.js?ver=
  • wp-toolbelt/modules/optimization/css/optimization.css?ver=
  • wp-toolbelt/modules/performance-settings/css/performance-settings.css?ver=
  • wp-toolbelt/modules/privacy-policy-page/css/privacy-policy-page.css?ver=
  • wp-toolbelt/modules/recent-posts/css/recent-posts.css?ver=
  • wp-toolbelt/modules/recent-posts/js/recent-posts.js?ver=
  • wp-toolbelt/modules/search-shortcode/css/search-shortcode.css?ver=
  • wp-toolbelt/modules/social-media-sharing/css/social-media-sharing.css?ver=
  • wp-toolbelt/modules/social-media-sharing/js/social-media-sharing.js?ver=
  • wp-toolbelt/modules/styles/css/styles.css?ver=
  • wp-toolbelt/modules/svg-support/js/svg-support.js?ver=
  • wp-toolbelt/modules/theme-update-bypass/js/theme-update-bypass.js?ver=
  • wp-toolbelt/modules/tinymce-buttons/js/tinymce-buttons.js?ver=
  • wp-toolbelt/toolbelt.js?ver=

HTML / DOM Fingerprints

CSS Classes
toolbelt-cookie-banner, toolbelt-maintenance-mode, toolbelt-search-form, toolbelt-privacy-policy-page
HTML Comments
<!-- Toolbelt Cookie Banner -->, <!-- Toolbelt Maintenance Mode -->, <!-- Toolbelt Privacy Policy Page -->, <!-- Toolbelt Search Form -->
Data Attributes
data-toolbelt-cookie-banner, data-toolbelt-maintenance-mode, data-toolbelt-search-form, data-toolbelt-privacy-policy-page
JS Globals
toolbeltCookieBanner, toolbeltMaintenanceMode, ToolbeltSearch
REST Endpoints
/wp-json/toolbelt/v1/search
Shortcode Output
[toolbelt_search], [toolbelt_cookie_banner], [toolbelt_maintenance_mode], [toolbelt_privacy_policy_page]