
Toolbelt Security & Risk Analysis
wordpress.org/plugins/wp-toolbelt
Fast, privacy focused, utilities to improve your website. Includes a Markdown block, spam protection, related posts, cookie banner, and more.
Is Toolbelt Safe to Use in 2026?
Generally Safe
Score 85/100
Toolbelt has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-toolbelt plugin v3.6 exhibits a generally good security posture, with a strong emphasis on output escaping (95%) and a lack of critical or high-severity code signals like dangerous functions or taint vulnerabilities. The absence of any known CVEs is also a positive indicator. However, there are notable areas of concern that warrant attention. The presence of 3 unprotected entry points, specifically 2 AJAX handlers and 1 REST API route lacking authorization checks, presents a significant attack surface. While the overall number of SQL queries is manageable, the fact that 67% do not utilize prepared statements is a risk, potentially exposing the plugin to SQL injection vulnerabilities if malicious data is passed. The limited number of capability checks (only 1) further exacerbates the risk associated with unprotected entry points, as it suggests insufficient validation of user permissions.
Key Concerns
- Unprotected REST API routes
- Unprotected AJAX handlers
- SQL queries without prepared statements
- Limited capability checks
Toolbelt Security Vulnerabilities
Toolbelt Release Timeline
Toolbelt Code Analysis
SQL Query Safety
Output Escaping
Toolbelt Attack Surface
- AJAX Handlers: 2
- REST API Routes: 1
- Shortcodes: 3
- WordPress Hooks: 168
Toolbelt Maintenance & Trust
Maintenance Signals
Community Trust
Toolbelt Alternatives
WeShareAI – AI-Powered Share Buttons (formerly E-MAILiT)
e-mailit
Free, AI-powered, privacy-first share buttons for WordPress with optional post-share monetization.
Only Self Pings
only-self-pings
Keep your site privacy and automatic pingbacks!
AC Print + Email
ac-print-email
A clean, privacy-first Print and Email toolbar for WordPress. No tracking, no third-party services, no UI bloat.
Devlin Accessibility Monitor for WooCommerce
devlin-accessibility-monitor-for-woocommerce
See live WooCommerce accessibility friction as shoppers hit it — privacy-first monitoring without custom tables or session recordings.
Safety Exit Button – Quick Exit
safety-exit-button-quick-exit
Adds a safety exit button that lets visitors leave a website quickly.
Toolbelt Developer Profile
21 plugins · 113K total installs
How We Detect Toolbelt
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/wp-toolbelt/modules/admin-tweaks/css/admin-tweaks.css
- /wp-content/plugins/wp-toolbelt/modules/avatars/js/avatars.js
- /wp-content/plugins/wp-toolbelt/modules/breadcrumbs/css/breadcrumbs.css
- /wp-content/plugins/wp-toolbelt/modules/contact-form/css/contact-form.css
- /wp-content/plugins/wp-toolbelt/modules/contact-form/js/contact-form.js
- /wp-content/plugins/wp-toolbelt/modules/cookie-banner/css/cookie-banner.css
- /wp-content/plugins/wp-toolbelt/modules/cookie-banner/js/cookie-banner.js
- /wp-content/plugins/wp-toolbelt/modules/disable-comment-urls/js/disable-comment-urls.js
- +23 more

- /wp-content/plugins/wp-toolbelt/modules/avatars/js/avatars.js
- /wp-content/plugins/wp-toolbelt/modules/contact-form/js/contact-form.js
- /wp-content/plugins/wp-toolbelt/modules/cookie-banner/js/cookie-banner.js
- /wp-content/plugins/wp-toolbelt/modules/disable-comment-urls/js/disable-comment-urls.js
- /wp-content/plugins/wp-toolbelt/modules/gist/js/gist.js
- /wp-content/plugins/wp-toolbelt/modules/infinite-scroll/js/infinite-scroll.js
- +10 more

- wp-toolbelt/modules/admin-tweaks/css/admin-tweaks.css?ver=
- wp-toolbelt/modules/avatars/js/avatars.js?ver=
- wp-toolbelt/modules/breadcrumbs/css/breadcrumbs.css?ver=
- wp-toolbelt/modules/contact-form/css/contact-form.css?ver=
- wp-toolbelt/modules/contact-form/js/contact-form.js?ver=
- wp-toolbelt/modules/cookie-banner/css/cookie-banner.css?ver=
- wp-toolbelt/modules/cookie-banner/js/cookie-banner.js?ver=
- wp-toolbelt/modules/disable-comment-urls/js/disable-comment-urls.js?ver=
- wp-toolbelt/modules/footnotes/css/footnotes.css?ver=
- wp-toolbelt/modules/gist/js/gist.js?ver=
- wp-toolbelt/modules/heading-anchors/css/heading-anchors.css?ver=
- wp-toolbelt/modules/infinite-scroll/js/infinite-scroll.js?ver=
- wp-toolbelt/modules/lazy-load/js/lazy-load.js?ver=
- wp-toolbelt/modules/maintenance-mode/css/maintenance-mode.css?ver=
- wp-toolbelt/modules/maintenance-mode/js/maintenance-mode.js?ver=
- wp-toolbelt/modules/menu-editor/css/menu-editor.css?ver=
- wp-toolbelt/modules/menu-editor/js/menu-editor.js?ver=
- wp-toolbelt/modules/no-certain-posts/js/no-certain-posts.js?ver=
- wp-toolbelt/modules/optimization/css/optimization.css?ver=
- wp-toolbelt/modules/performance-settings/css/performance-settings.css?ver=
- wp-toolbelt/modules/privacy-policy-page/css/privacy-policy-page.css?ver=
- wp-toolbelt/modules/recent-posts/css/recent-posts.css?ver=
- wp-toolbelt/modules/recent-posts/js/recent-posts.js?ver=
- wp-toolbelt/modules/search-shortcode/css/search-shortcode.css?ver=
- wp-toolbelt/modules/social-media-sharing/css/social-media-sharing.css?ver=
- wp-toolbelt/modules/social-media-sharing/js/social-media-sharing.js?ver=
- wp-toolbelt/modules/styles/css/styles.css?ver=
- wp-toolbelt/modules/svg-support/js/svg-support.js?ver=
- wp-toolbelt/modules/theme-update-bypass/js/theme-update-bypass.js?ver=
- wp-toolbelt/modules/tinymce-buttons/js/tinymce-buttons.js?ver=
- wp-toolbelt/toolbelt.js?ver=
HTML / DOM Fingerprints
- toolbelt-cookie-banner
- toolbelt-maintenance-mode
- toolbelt-search-form
- toolbelt-privacy-policy-page

- `<!-- Toolbelt Cookie Banner -->`
- `<!-- Toolbelt Maintenance Mode -->`
- `<!-- Toolbelt Privacy Policy Page -->`
- `<!-- Toolbelt Search Form -->`

- data-toolbelt-cookie-banner
- data-toolbelt-maintenance-mode
- data-toolbelt-search-form
- data-toolbelt-privacy-policy-page

- toolbeltCookieBanner
- toolbeltMaintenanceMode
- ToolbeltSearch

- /wp-json/toolbelt/v1/search

- [toolbelt_search]
- [toolbelt_cookie_banner]
- [toolbelt_maintenance_mode]
- [toolbelt_privacy_policy_page]