Does WPMasterToolKit (WPMTK) – All in one plugin have any unpatched vulnerabilities?

No. All known vulnerabilities in WPMasterToolKit (WPMTK) – All in one plugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPMasterToolKit (WPMTK) – All in one plugin compatible with WordPress 6.9.4?

According to WordPress.org data, WPMasterToolKit (WPMTK) – All in one plugin 2.18.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WPMasterToolKit (WPMTK) – All in one plugin compatible with PHP 7.4+?

WPMasterToolKit (WPMTK) – All in one plugin requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WPMasterToolKit (WPMTK) – All in one plugin updated?

WPMasterToolKit (WPMTK) – All in one plugin was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is WPMasterToolKit (WPMTK) – All in one plugin's security score?

WPMasterToolKit (WPMTK) – All in one plugin has a WP-Safety security score of 90/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPMasterToolKit (WPMTK) – All in one plugin Security & Risk Analysis

wordpress.org/plugins/wpmastertoolkit

Duplicate post, post order, email via SMTP, code snippets, disable gutenberg, child theme generator, svg support, disable XMLRPC, and more...

4K active installs v2.18.0 PHP 7.4+ WP 6.0.0+ Updated Mar 11, 2026

adminall-in-one-plugindisable-featureseasy-to-usesecurity

A · Safe

CVEs total5

Unpatched0

Last CVEJan 15, 2026

Plugin page Download

Safety Verdict

Is WPMasterToolKit (WPMTK) – All in one plugin Safe to Use in 2026?

Generally Safe

Score 90/100

WPMasterToolKit (WPMTK) – All in one plugin has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Jan 15, 2026Updated 23d ago

Risk Assessment

The "wpmastertoolkit" v2.18.0 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping (98% proper) and utilizes prepared statements for the majority of its SQL queries (80%), significant concerns arise from its attack surface and taint analysis. The presence of 2 AJAX handlers without authentication checks presents a direct risk of unauthorized actions. The taint analysis reveals a high number of flows with unsanitized paths (95 out of 106) and a substantial number of critical and high severity issues, indicating potential for code injection or path traversal vulnerabilities stemming from user-supplied input.

Key Concerns

AJAX handlers without auth checks
Critical severity taint flows
High severity taint flows
Flows with unsanitized paths
Known high severity CVEs
Known medium severity CVEs
Dangerous functions (exec, shell_exec, unserialize)
Bundled libraries (DataTables, Guzzle)

Vulnerabilities

WPMasterToolKit (WPMTK) – All in one plugin Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

2024

2 CVEs in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

Medium

5 total CVEs

CVE-2026-24388medium · 4.3Missing Authorization

WPMasterToolKit <= 2.14.0 - Missing Authorization

Jan 15, 2026 Patched in 2.14.1 (14d)

CVE-2025-14166medium · 5.3Improper Control of Generation of Code ('Code Injection')

WPMasterToolKit (WPMTK) <= 2.13.0 - Authenticated (Contributor+) Code Injection

Dec 11, 2025 Patched in 2.13.1 (1d)

CVE-2025-3300high · 7.2Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write

Apr 23, 2025 Patched in 2.6.0 (7d)

CVE-2024-56249high · 7.2Unrestricted Upload of File with Dangerous Type

WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Upload

Dec 30, 2024 Patched in 1.14.0 (10d)

CVE-2024-56248medium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

WPMasterToolKit <= 1.13.1 - Authenticated (Admin+) Arbitrary File Download

Dec 30, 2024 Patched in 1.14.0 (10d)

Code Analysis

Analyzed Mar 16, 2026

WPMasterToolKit (WPMTK) – All in one plugin Code Analysis

Dangerous Functions

Raw SQL Queries

24 prepared

Unescaped Output

2720 escaped

Nonce Checks

Capability Checks

File Operations

109

External Requests

Bundled Libraries

Dangerous Functions Found

exec$exec_works = ( function_exists('exec') && ! ini_get('safe_mode') && @exec('echo EXEC') == 'EXEC' );admin\modules\core\class-file-manager.php:1699

exec@exec( $cmd, $output );admin\modules\core\class-file-manager.php:1706

shell_exec$mime = shell_exec( 'file -bi ' . $file );admin\modules\core\class-file-manager.php:2076

unserialize$unserialized_string = @unserialize( $serialized_string, array('allowed_classes' => false ) );admin\modules\core\class-search-replace-in-database.php:1109

Bundled Libraries

DataTablesGuzzle

SQL Query Safety

80% prepared30 total queries

Output Escaping

98% escaped2789 total outputs

Data Flows

95 unsanitized

Data Flow Analysis

25 flows95 with unsanitized paths

search_box (admin\helpers\core\mail-catcher\class-logs-list-table.php:102)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WPMasterToolKit (WPMTK) – All in one plugin Attack Surface

Entry Points25

Unprotected2

AJAX Handlers 22

authwp_ajax_wpmastertoolkit_get_debug_logadmin\modules\core\class-advanced-debug-mode.php:33

authwp_ajax_wpmastertoolkit_delete_debug_logadmin\modules\core\class-advanced-debug-mode.php:34

authwp_ajax_wpmtk_mail_catcher_previewadmin\modules\core\class-mail-catcher.php:36

authwp_ajax_wpmastertoolkit_maintenance_mode_adminbar_toggleadmin\modules\core\class-maintenance-mode.php:35

authwp_ajax_wpmtk_media_encoder_preview_modeadmin\modules\core\class-media-encoder.php:90

authwp_ajax_wpmtk_media_encoder_start_bulkadmin\modules\core\class-media-encoder.php:91

authwp_ajax_wpmtk_media_encoder_stop_bulkadmin\modules\core\class-media-encoder.php:92

authwp_ajax_wpmtk_media_encoder_progress_bulkadmin\modules\core\class-media-encoder.php:93

authwp_ajax_wpmtk_media_encoder_start_singleadmin\modules\core\class-media-encoder.php:94

authwp_ajax_wpmtk_media_encoder_undo_singleadmin\modules\core\class-media-encoder.php:95

authwp_ajax_wpmtk_media_encoder_start_single_migrationadmin\modules\core\class-media-encoder.php:96

authwp_ajax_wpmtk_media_encoder_start_bulk_migrationadmin\modules\core\class-media-encoder.php:97

authwp_ajax_wpmtk_media_encoder_stop_bulk_migrationadmin\modules\core\class-media-encoder.php:98

authwp_ajax_wpmtk_media_encoder_progress_bulk_migrationadmin\modules\core\class-media-encoder.php:99

authwp_ajax_wpmtk_register_custom_content_typesadmin\modules\core\class-register-custom-content-types.php:88

authwp_ajax_wpmtk_search_replace_in_database_startadmin\modules\core\class-search-replace-in-database.php:37

authwp_ajax_wpmtk_delete_temporary_useradmin\modules\core\class-temporary-login.php:52

authwp_ajax_wpmtk_delete_all_temporary_usersadmin\modules\core\class-temporary-login.php:53

authwp_ajax_wpmtk_copy_login_linkadmin\modules\core\class-temporary-login.php:54

authwp_ajax_wpmtk_resend_emailadmin\modules\core\class-temporary-login.php:55

authwp_ajax_wpmastertoolkit_regenerate_assetsincludes\class-wp-mastertoolkit.php:189

authwp_ajax_wpmastertoolkit_get_system_infoincludes\class-wp-mastertoolkit.php:190

Shortcodes 3

[wpmtk_changelog] admin\class-settings.php:333

[wpmtk_code_snippets] admin\modules\core\class-code-snippets.php:28

[wpm_obfuscate] admin\modules\core\class-obfuscate-email-address.php:24

WordPress Hooks 453

filterwpmastertoolkit/foldersadmin\class-logs.php:42

filterupgrader_pre_installadmin\class-surecart-update.php:24

filterupgrader_post_installadmin\class-surecart-update.php:25

filterwpmastertoolkit/foldersadmin\class-wp-config.php:73

filterupgrader_pre_installadmin\helpers\core\plugin-theme-rollback\class-rollback-plugin.php:31

filterupgrader_post_installadmin\helpers\core\plugin-theme-rollback\class-rollback-plugin.php:32

filterupgrader_pre_installadmin\helpers\core\plugin-theme-rollback\class-rollback-theme.php:30

filterupgrader_post_installadmin\helpers\core\plugin-theme-rollback\class-rollback-theme.php:31

filterupgrader_clear_destinationadmin\helpers\core\plugin-theme-rollback\class-rollback-theme.php:32

actioninitadmin\modules\core\class-adminer.php:31

actionadmin_menuadmin\modules\core\class-adminer.php:32

actionadmin_initadmin\modules\core\class-adminer.php:33

filtercron_schedulesadmin\modules\core\class-adminer.php:34

actionwpadmin\modules\core\class-adminer.php:35

filterwpmastertoolkit/foldersadmin\modules\core\class-adminer.php:38

actioninitadmin\modules\core\class-advanced-debug-mode.php:29

actionadmin_menuadmin\modules\core\class-advanced-debug-mode.php:30

actionadmin_initadmin\modules\core\class-advanced-debug-mode.php:31

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-advanced-debug-mode.php:32

filterwpmastertoolkit/foldersadmin\modules\core\class-advanced-debug-mode.php:35

actionadmin_initadmin\modules\core\class-apple-touch-icon.php:17

actionadmin_enqueue_scriptsadmin\modules\core\class-apple-touch-icon.php:18

filtersite_icon_meta_tagsadmin\modules\core\class-apple-touch-icon.php:19

actioninitadmin\modules\core\class-auto-regenerate-salt-keys.php:36

actionadmin_menuadmin\modules\core\class-auto-regenerate-salt-keys.php:37

actionadmin_initadmin\modules\core\class-auto-regenerate-salt-keys.php:38

filtercron_schedulesadmin\modules\core\class-auto-regenerate-salt-keys.php:39

actionwpadmin\modules\core\class-auto-regenerate-salt-keys.php:40

actioninitadmin\modules\core\class-ban-emails.php:26

actionadmin_menuadmin\modules\core\class-ban-emails.php:27

actionadmin_initadmin\modules\core\class-ban-emails.php:28

actionregister_postadmin\modules\core\class-ban-emails.php:29

filterillegal_user_loginsadmin\modules\core\class-blacklisted-usernames.php:52

actionadmin_initadmin\modules\core\class-blacklisted-usernames.php:53

actionadmin_noticesadmin\modules\core\class-blacklisted-usernames.php:90

filterpre_user_emailadmin\modules\core\class-block-user-registration-from-disposable-email.php:328

actioninitadmin\modules\core\class-browser-theme-color.php:26

actionadmin_menuadmin\modules\core\class-browser-theme-color.php:27

actionadmin_initadmin\modules\core\class-browser-theme-color.php:28

actionwp_headadmin\modules\core\class-browser-theme-color.php:29

actioninitadmin\modules\core\class-child-theme-generator.php:23

actionadmin_menuadmin\modules\core\class-child-theme-generator.php:24

actionadmin_initadmin\modules\core\class-child-theme-generator.php:25

actioninitadmin\modules\core\class-clean-profiles.php:26

actionadmin_menuadmin\modules\core\class-clean-profiles.php:27

actionadmin_initadmin\modules\core\class-clean-profiles.php:28

actionadmin_headadmin\modules\core\class-clean-profiles.php:29

actioninitadmin\modules\core\class-clean-up-admin-bar.php:26

actionadmin_menuadmin\modules\core\class-clean-up-admin-bar.php:27

actionadmin_initadmin\modules\core\class-clean-up-admin-bar.php:28

filteradmin_bar_menuadmin\modules\core\class-clean-up-admin-bar.php:29

actionadmin_headadmin\modules\core\class-clean-up-admin-bar.php:30

actioninitadmin\modules\core\class-code-snippets.php:23

actionadd_meta_boxesadmin\modules\core\class-code-snippets.php:24

actionadmin_enqueue_scriptsadmin\modules\core\class-code-snippets.php:25

filteradmin_body_classadmin\modules\core\class-code-snippets.php:26

actionsave_post_wpmtk_code_snippetsadmin\modules\core\class-code-snippets.php:27

filtermanage_wpmtk_code_snippets_posts_columnsadmin\modules\core\class-code-snippets.php:30

actionmanage_wpmtk_code_snippets_posts_custom_columnadmin\modules\core\class-code-snippets.php:31

actionadmin_footer-edit.phpadmin\modules\core\class-code-snippets.php:33

actionadmin_initadmin\modules\core\class-code-snippets.php:34

actionbefore_delete_postadmin\modules\core\class-code-snippets.php:36

filterwp_insert_post_dataadmin\modules\core\class-code-snippets.php:39

filterwpmastertoolkit/foldersadmin\modules\core\class-code-snippets.php:41

actionadmin_noticesadmin\modules\core\class-code-snippets.php:775

filterpage_row_actionsadmin\modules\core\class-content-duplication.php:18

filterpost_row_actionsadmin\modules\core\class-content-duplication.php:19

actionadmin_action_wpmastertoolkit_content_duplicationadmin\modules\core\class-content-duplication.php:20

actioninitadmin\modules\core\class-content-order.php:26

actionadmin_menuadmin\modules\core\class-content-order.php:27

actionadmin_initadmin\modules\core\class-content-order.php:28

actionadmin_menuadmin\modules\core\class-content-order.php:29

actioninitadmin\modules\core\class-custom-admin-css.php:26

actionadmin_menuadmin\modules\core\class-custom-admin-css.php:27

actionadmin_initadmin\modules\core\class-custom-admin-css.php:28

filteradmin_print_footer_scriptsadmin\modules\core\class-custom-admin-css.php:29

actioninitadmin\modules\core\class-custom-body-class.php:28

actionadmin_menuadmin\modules\core\class-custom-body-class.php:29

actionadmin_initadmin\modules\core\class-custom-body-class.php:30

actionadd_meta_boxesadmin\modules\core\class-custom-body-class.php:31

actionsave_postadmin\modules\core\class-custom-body-class.php:32

filterbody_classadmin\modules\core\class-custom-body-class.php:33

actioninitadmin\modules\core\class-custom-frontend-css.php:26

actionadmin_menuadmin\modules\core\class-custom-frontend-css.php:27

actionadmin_initadmin\modules\core\class-custom-frontend-css.php:28

filterwp_headadmin\modules\core\class-custom-frontend-css.php:29

filterwp_nav_menu_item_custom_fieldsadmin\modules\core\class-custom-link-menu-new-tab.php:18

actionwp_update_nav_menu_itemadmin\modules\core\class-custom-link-menu-new-tab.php:19

actionnav_menu_link_attributesadmin\modules\core\class-custom-link-menu-new-tab.php:20

actionadmin_initadmin\modules\core\class-disable-all-updates.php:21

filterautomatic_updater_disabledadmin\modules\core\class-disable-all-updates.php:34

filterauto_update_coreadmin\modules\core\class-disable-all-updates.php:43

filterwp_auto_update_coreadmin\modules\core\class-disable-all-updates.php:44

filterallow_minor_auto_core_updatesadmin\modules\core\class-disable-all-updates.php:45

filterallow_major_auto_core_updatesadmin\modules\core\class-disable-all-updates.php:46

filterallow_dev_auto_core_updatesadmin\modules\core\class-disable-all-updates.php:47

filterauto_core_update_send_emailadmin\modules\core\class-disable-all-updates.php:54

filtersend_core_update_notification_emailadmin\modules\core\class-disable-all-updates.php:55

filterautomatic_updates_send_debug_emailadmin\modules\core\class-disable-all-updates.php:56

actionadmin_menuadmin\modules\core\class-disable-all-updates.php:58

filterpre_option_update_coreadmin\modules\core\class-disable-all-updates.php:74

filtersite_status_testsadmin\modules\core\class-disable-all-updates.php:95

actioninitadmin\modules\core\class-disable-block-widgets-settings-screen.php:17

filtergutenberg_use_widgets_block_editoradmin\modules\core\class-disable-block-widgets-settings-screen.php:25

filteruse_widgets_block_editoradmin\modules\core\class-disable-block-widgets-settings-screen.php:26

actionwp_enqueue_scriptsadmin\modules\core\class-disable-cart-fragments-scripts.php:17

actionadmin_enqueue_scriptsadmin\modules\core\class-disable-cart-fragments-scripts.php:18

actioninitadmin\modules\core\class-disable-dashboard-widgets.php:26

actionadmin_menuadmin\modules\core\class-disable-dashboard-widgets.php:27

actionadmin_initadmin\modules\core\class-disable-dashboard-widgets.php:28

actionwp_dashboard_setupadmin\modules\core\class-disable-dashboard-widgets.php:29

actioninitadmin\modules\core\class-disable-dashicons-css-js-files.php:17

actioninitadmin\modules\core\class-disable-emoji-support.php:17

actionadmin_initadmin\modules\core\class-disable-emoji-support.php:31

filteremoji_svg_urladmin\modules\core\class-disable-emoji-support.php:32

filtertiny_mce_pluginsadmin\modules\core\class-disable-emoji-support.php:33

filterwp_resource_hintsadmin\modules\core\class-disable-emoji-support.php:34

filteroption_use_smiliesadmin\modules\core\class-disable-emoji-support.php:35

actiondo_feedadmin\modules\core\class-disable-feeds.php:18

actiondo_feed_rdfadmin\modules\core\class-disable-feeds.php:19

actiondo_feed_rssadmin\modules\core\class-disable-feeds.php:20

actiondo_feed_rss2admin\modules\core\class-disable-feeds.php:21

actiondo_feed_atomadmin\modules\core\class-disable-feeds.php:22

actiondo_feed_rss2_commentsadmin\modules\core\class-disable-feeds.php:23

actiondo_feed_atom_commentsadmin\modules\core\class-disable-feeds.php:24

actioninitadmin\modules\core\class-disable-gutenberg.php:42

actionadmin_menuadmin\modules\core\class-disable-gutenberg.php:43

actionadmin_initadmin\modules\core\class-disable-gutenberg.php:44

filteruse_block_editor_for_postadmin\modules\core\class-disable-gutenberg.php:45

actionwp_enqueue_scriptsadmin\modules\core\class-disable-gutenberg.php:46

filtergutenberg_use_widgets_block_editoradmin\modules\core\class-disable-gutenberg.php:47

filteruse_widgets_block_editoradmin\modules\core\class-disable-gutenberg.php:48

actionwp_default_scriptsadmin\modules\core\class-disable-jquery-migrate.php:17

actioninitadmin\modules\core\class-disable-really-simple-discovery-tag.php:17

filterrest_authentication_errorsadmin\modules\core\class-disable-rest-api.php:19

filterjson_enabledadmin\modules\core\class-disable-rest-api.php:22

filterjson_jsonp_enabledadmin\modules\core\class-disable-rest-api.php:23

filterrest_enabledadmin\modules\core\class-disable-rest-api.php:25

filterrest_jsonp_enabledadmin\modules\core\class-disable-rest-api.php:26

actioninitadmin\modules\core\class-disable-shortlink-tag.php:17

actioninitadmin\modules\core\class-disable-windows-live-writer-tag.php:17

filterpre_wp_mailadmin\modules\core\class-disable-wp-mail.php:12

filterwp_sitemaps_enabledadmin\modules\core\class-disable-wp-sitemap.php:16

filterxmlrpc_enabledadmin\modules\core\class-disable-xmlrpc.php:18

filterwp_xmlrpc_server_classadmin\modules\core\class-disable-xmlrpc.php:19

actionplugins_loadedadmin\modules\core\class-disallow-bad-requests.php:19

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-disallow-dir-listing.php:19

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-disallow-malicious-file-access-in-upload.php:19

filterwp_handle_upload_prefilteradmin\modules\core\class-disallow-plugin-upload.php:17

actionadmin_print_styles-plugin-install.phpadmin\modules\core\class-disallow-plugin-upload.php:18

filterpre_option_users_can_registeradmin\modules\core\class-disallow-register-user.php:17

actionadmin_head-options-general.phpadmin\modules\core\class-disallow-register-user.php:18

filterwp_handle_upload_prefilteradmin\modules\core\class-disallow-theme-upload.php:17

actionadmin_print_styles-theme-install.phpadmin\modules\core\class-disallow-theme-upload.php:18

actionadmin_initadmin\modules\core\class-disallow-wp-file-edit.php:17

actioninitadmin\modules\core\class-duplicate-menu.php:21

actionadmin_menuadmin\modules\core\class-duplicate-menu.php:22

actioninitadmin\modules\core\class-enhance-list-tables.php:26

actionadmin_menuadmin\modules\core\class-enhance-list-tables.php:27

actionadmin_initadmin\modules\core\class-enhance-list-tables.php:28

filtermanage_posts_columnsadmin\modules\core\class-enhance-list-tables.php:29

filtermanage_pages_columnsadmin\modules\core\class-enhance-list-tables.php:30

actionmanage_posts_custom_columnadmin\modules\core\class-enhance-list-tables.php:31

actionmanage_pages_custom_columnadmin\modules\core\class-enhance-list-tables.php:32

actioninitadmin\modules\core\class-enhance-list-tables.php:33

filtermanage_media_columnsadmin\modules\core\class-enhance-list-tables.php:34

actionmanage_media_custom_columnadmin\modules\core\class-enhance-list-tables.php:35

filtermanage_edit-comments_columnsadmin\modules\core\class-enhance-list-tables.php:36

actionmanage_comments_custom_columnadmin\modules\core\class-enhance-list-tables.php:37

filtermanage_users_columnsadmin\modules\core\class-enhance-list-tables.php:38

actionmanage_users_custom_columnadmin\modules\core\class-enhance-list-tables.php:39

filterpost_row_actionsadmin\modules\core\class-enhance-list-tables.php:41

filterpage_row_actionsadmin\modules\core\class-enhance-list-tables.php:42

filtertag_row_actionsadmin\modules\core\class-enhance-list-tables.php:43

filtermedia_row_actionsadmin\modules\core\class-enhance-list-tables.php:44

filtercomment_row_actionsadmin\modules\core\class-enhance-list-tables.php:45

filteruser_row_actionsadmin\modules\core\class-enhance-list-tables.php:46

filterpost_row_actionsadmin\modules\core\class-export-posts-pages.php:20

filterpage_row_actionsadmin\modules\core\class-export-posts-pages.php:21

filterbulk_actions-edit-postadmin\modules\core\class-export-posts-pages.php:23

filterbulk_actions-edit-pageadmin\modules\core\class-export-posts-pages.php:24

filterhandle_bulk_actions-edit-postadmin\modules\core\class-export-posts-pages.php:25

filterhandle_bulk_actions-edit-pageadmin\modules\core\class-export-posts-pages.php:26

filteruser_row_actionsadmin\modules\core\class-export-users.php:20

filterbulk_actions-usersadmin\modules\core\class-export-users.php:21

filterhandle_bulk_actions-usersadmin\modules\core\class-export-users.php:22

actioninitadmin\modules\core\class-external-links-new-tab.php:27

actionadmin_menuadmin\modules\core\class-external-links-new-tab.php:28

actionadmin_initadmin\modules\core\class-external-links-new-tab.php:29

filterthe_contentadmin\modules\core\class-external-links-new-tab.php:31

actioninitadmin\modules\core\class-external-permalinks.php:26

actionadmin_menuadmin\modules\core\class-external-permalinks.php:27

actionadmin_initadmin\modules\core\class-external-permalinks.php:28

actionadd_meta_boxesadmin\modules\core\class-external-permalinks.php:29

actionsave_postadmin\modules\core\class-external-permalinks.php:30

filterpage_linkadmin\modules\core\class-external-permalinks.php:31

filterpost_linkadmin\modules\core\class-external-permalinks.php:32

filterpost_type_linkadmin\modules\core\class-external-permalinks.php:33

actionwpadmin\modules\core\class-external-permalinks.php:34

actionwp_enqueue_scriptsadmin\modules\core\class-external-permalinks.php:35

actioninitadmin\modules\core\class-file-manager.php:44

actionadmin_menuadmin\modules\core\class-file-manager.php:45

actionadmin_noticesadmin\modules\core\class-file-manager.php:46

actioninitadmin\modules\core\class-force-ssl.php:19

filteroption_siteurladmin\modules\core\class-force-ssl.php:20

filteroption_homeadmin\modules\core\class-force-ssl.php:21

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-force-ssl.php:22

actionuser_profile_update_errorsadmin\modules\core\class-force-strong-password.php:17

actionadmin_print_stylesadmin\modules\core\class-force-strong-password.php:20

actionregistration_errorsadmin\modules\core\class-force-strong-password.php:21

actionadmin_enqueue_scriptsadmin\modules\core\class-force-strong-password.php:22

actionvalidate_password_resetadmin\modules\core\class-force-strong-password.php:25

actionresetpass_formadmin\modules\core\class-force-strong-password.php:26

actionresetpass_formadmin\modules\core\class-force-strong-password.php:27

actioninitadmin\modules\core\class-heartbeat-control.php:26

actionadmin_menuadmin\modules\core\class-heartbeat-control.php:27

actionadmin_initadmin\modules\core\class-heartbeat-control.php:28

filterheartbeat_settingsadmin\modules\core\class-heartbeat-control.php:29

actionadmin_enqueue_scriptsadmin\modules\core\class-heartbeat-control.php:30

actionwp_enqueue_scriptsadmin\modules\core\class-heartbeat-control.php:31

actioninitadmin\modules\core\class-hide-admin-bar.php:29

actionadmin_menuadmin\modules\core\class-hide-admin-bar.php:30

actionadmin_initadmin\modules\core\class-hide-admin-bar.php:31

filtershow_admin_baradmin\modules\core\class-hide-admin-bar.php:32

actionadmin_enqueue_scriptsadmin\modules\core\class-hide-admin-notices.php:17

actionwp_before_admin_bar_renderadmin\modules\core\class-hide-admin-notices.php:18

actionadmin_footeradmin\modules\core\class-hide-admin-notices.php:19

filterlogin_errorsadmin\modules\core\class-hide-login-errors.php:16

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-hide-php-versions.php:23

filterthe_generatoradmin\modules\core\class-hide-wordpress-version.php:35

filterscript_loader_srcadmin\modules\core\class-hide-wordpress-version.php:37

filterstyle_loader_srcadmin\modules\core\class-hide-wordpress-version.php:38

filterupdate_footeradmin\modules\core\class-hide-wordpress-version.php:40

actioninitadmin\modules\core\class-image-upload-control.php:41

actionadmin_menuadmin\modules\core\class-image-upload-control.php:42

actionadmin_initadmin\modules\core\class-image-upload-control.php:43

filterwp_handle_uploadadmin\modules\core\class-image-upload-control.php:44

filterbig_image_size_thresholdadmin\modules\core\class-image-upload-control.php:45

actioninitadmin\modules\core\class-insert-head-body-footer-code.php:26

actionadmin_menuadmin\modules\core\class-insert-head-body-footer-code.php:27

actionadmin_initadmin\modules\core\class-insert-head-body-footer-code.php:28

actionwp_headadmin\modules\core\class-insert-head-body-footer-code.php:44

actionwp_body_openadmin\modules\core\class-insert-head-body-footer-code.php:45

actionwp_footeradmin\modules\core\class-insert-head-body-footer-code.php:46

actionwp_loginadmin\modules\core\class-last-login-column.php:18

filtermanage_users_columnsadmin\modules\core\class-last-login-column.php:19

filtermanage_users_custom_columnadmin\modules\core\class-last-login-column.php:20

actioninitadmin\modules\core\class-limit-login-attempts.php:26

actionadmin_menuadmin\modules\core\class-limit-login-attempts.php:27

actionadmin_initadmin\modules\core\class-limit-login-attempts.php:28

filterauthenticateadmin\modules\core\class-limit-login-attempts.php:29

actionwp_login_errorsadmin\modules\core\class-limit-login-attempts.php:30

actionlogin_enqueue_scriptsadmin\modules\core\class-limit-login-attempts.php:31

actionwp_login_failedadmin\modules\core\class-limit-login-attempts.php:32

actionwp_loginadmin\modules\core\class-limit-login-attempts.php:33

actionadmin_enqueue_scriptsadmin\modules\core\class-local-avatars.php:24

actionshow_user_profileadmin\modules\core\class-local-avatars.php:25

actionedit_user_profileadmin\modules\core\class-local-avatars.php:26

actionpersonal_options_updateadmin\modules\core\class-local-avatars.php:27

actionedit_user_profile_updateadmin\modules\core\class-local-avatars.php:28

filterget_avatar_dataadmin\modules\core\class-local-avatars.php:29

actionafter_setup_themeadmin\modules\core\class-local-avatars.php:30

actionadmin_head-options-general.phpadmin\modules\core\class-lock-admin-email.php:17

filterpre_option_admin_emailadmin\modules\core\class-lock-admin-email.php:18

filterpre_option_new_admin_emailadmin\modules\core\class-lock-admin-email.php:19

filterpre_update_optionadmin\modules\core\class-lock-admin-email.php:20

actionadmin_head-options-general.phpadmin\modules\core\class-lock-site-url.php:17

filterpre_option_homeadmin\modules\core\class-lock-site-url.php:18

filterpre_option_siteurladmin\modules\core\class-lock-site-url.php:19

filterpre_update_option_homeadmin\modules\core\class-lock-site-url.php:20

filterpre_update_option_siteurladmin\modules\core\class-lock-site-url.php:21

actionadmin_head-nav-menus.phpadmin\modules\core\class-login-logout-menu.php:17

filterwp_setup_nav_menu_itemadmin\modules\core\class-login-logout-menu.php:18

filterwp_nav_menu_objectsadmin\modules\core\class-login-logout-menu.php:19

actioninitadmin\modules\core\class-mail-catcher.php:29

filteradmin_body_classadmin\modules\core\class-mail-catcher.php:30

actionadmin_menuadmin\modules\core\class-mail-catcher.php:31

actionadmin_initadmin\modules\core\class-mail-catcher.php:32

actionadmin_initadmin\modules\core\class-mail-catcher.php:33

filterwp_mailadmin\modules\core\class-mail-catcher.php:34

actionwp_mail_failedadmin\modules\core\class-mail-catcher.php:35

actioninitadmin\modules\core\class-maintenance-mode.php:30

actionadmin_menuadmin\modules\core\class-maintenance-mode.php:31

actionadmin_initadmin\modules\core\class-maintenance-mode.php:32

actiontemplate_includeadmin\modules\core\class-maintenance-mode.php:33

actionadmin_bar_menuadmin\modules\core\class-maintenance-mode.php:34

actioninitadmin\modules\core\class-manage-ads-txt.php:26

actionadmin_menuadmin\modules\core\class-manage-ads-txt.php:27

actionadmin_initadmin\modules\core\class-manage-ads-txt.php:28

actioninitadmin\modules\core\class-manage-robots-txt.php:26

actionadmin_menuadmin\modules\core\class-manage-robots-txt.php:27

actionadmin_initadmin\modules\core\class-manage-robots-txt.php:28

filterrobots_txtadmin\modules\core\class-manage-robots-txt.php:29

actioninitadmin\modules\core\class-media-cleaner.php:26

actionadmin_menuadmin\modules\core\class-media-cleaner.php:27

actionadmin_initadmin\modules\core\class-media-cleaner.php:28

filterwp_handle_upload_prefilteradmin\modules\core\class-media-cleaner.php:29

filterwp_generate_attachment_metadataadmin\modules\core\class-media-cleaner.php:30

actioninitadmin\modules\core\class-media-encoder.php:69

actionadmin_menuadmin\modules\core\class-media-encoder.php:70

actionadmin_initadmin\modules\core\class-media-encoder.php:71

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-media-encoder.php:72

filterwp_handle_upload_prefilteradmin\modules\core\class-media-encoder.php:74

filterwp_generate_attachment_metadataadmin\modules\core\class-media-encoder.php:75

filterwp_generate_attachment_metadataadmin\modules\core\class-media-encoder.php:76

filterwp_editor_set_qualityadmin\modules\core\class-media-encoder.php:77

actiondelete_attachmentadmin\modules\core\class-media-encoder.php:78

filterattachment_fields_to_editadmin\modules\core\class-media-encoder.php:80

filtermanage_media_columnsadmin\modules\core\class-media-encoder.php:81

actionmanage_media_custom_columnadmin\modules\core\class-media-encoder.php:82

actionattachment_submitbox_misc_actionsadmin\modules\core\class-media-encoder.php:83

actionadmin_enqueue_scriptsadmin\modules\core\class-media-encoder.php:84

filtercron_schedulesadmin\modules\core\class-media-encoder.php:86

actiontemplate_redirectadmin\modules\core\class-media-encoder.php:101

actioninitadmin\modules\core\class-meta-debugger.php:20

actionadd_meta_boxesadmin\modules\core\class-meta-debugger.php:21

actionshow_user_profileadmin\modules\core\class-meta-debugger.php:22

actionedit_user_profileadmin\modules\core\class-meta-debugger.php:23

actionwoocommerce_after_order_itemmetaadmin\modules\core\class-meta-debugger.php:24

actionwp_before_admin_bar_renderadmin\modules\core\class-move-login-url.php:34

actioninitadmin\modules\core\class-move-login-url.php:37

actionplugins_loadedadmin\modules\core\class-move-login-url.php:38

actionwp_loadedadmin\modules\core\class-move-login-url.php:39

actionsetup_themeadmin\modules\core\class-move-login-url.php:40

filtersite_urladmin\modules\core\class-move-login-url.php:42

filternetwork_site_urladmin\modules\core\class-move-login-url.php:43

filterwp_redirectadmin\modules\core\class-move-login-url.php:44

actiontemplate_redirectadmin\modules\core\class-move-login-url.php:46

filterlogin_urladmin\modules\core\class-move-login-url.php:47

filteruser_request_action_email_contentadmin\modules\core\class-move-login-url.php:49

filtersite_status_testsadmin\modules\core\class-move-login-url.php:51

filteroption_trp_settingsadmin\modules\core\class-move-login-url.php:54

actionadmin_menuadmin\modules\core\class-move-login-url.php:56

actionadmin_initadmin\modules\core\class-move-login-url.php:57

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-move-login-url.php:59

actionadmin_enqueue_scriptsadmin\modules\core\class-multiple-user-roles.php:23

actionshow_user_profileadmin\modules\core\class-multiple-user-roles.php:24

actionedit_user_profileadmin\modules\core\class-multiple-user-roles.php:25

actionuser_new_formadmin\modules\core\class-multiple-user-roles.php:26

actionpersonal_options_updateadmin\modules\core\class-multiple-user-roles.php:27

actionedit_user_profile_updateadmin\modules\core\class-multiple-user-roles.php:28

actionuser_registeradmin\modules\core\class-multiple-user-roles.php:29

actionwp_nav_menu_item_custom_fieldsadmin\modules\core\class-nav-menu-visibility.php:19

actionwp_update_nav_menu_itemadmin\modules\core\class-nav-menu-visibility.php:20

filterwp_get_nav_menu_itemsadmin\modules\core\class-nav-menu-visibility.php:21

actioninitadmin\modules\core\class-nginx-code-snippets.php:24

actionadmin_menuadmin\modules\core\class-nginx-code-snippets.php:27

actionpre_get_postsadmin\modules\core\class-obfuscate-author-slugs.php:17

filterauthor_linkadmin\modules\core\class-obfuscate-author-slugs.php:18

filterrest_prepare_useradmin\modules\core\class-obfuscate-author-slugs.php:19

filterwidget_textadmin\modules\core\class-obfuscate-email-address.php:25

filterwidget_textadmin\modules\core\class-obfuscate-email-address.php:26

actionwp_footeradmin\modules\core\class-obfuscate-email-address.php:27

actioninitadmin\modules\core\class-password-protection.php:31

actionadmin_menuadmin\modules\core\class-password-protection.php:32

actionadmin_initadmin\modules\core\class-password-protection.php:33

actionwp_before_admin_bar_renderadmin\modules\core\class-password-protection.php:35

actionadmin_headadmin\modules\core\class-password-protection.php:36

actionwp_headadmin\modules\core\class-password-protection.php:37

actioninitadmin\modules\core\class-password-protection.php:38

actiontemplate_redirectadmin\modules\core\class-password-protection.php:39

actioninitadmin\modules\core\class-password-protection.php:40

actioninitadmin\modules\core\class-plugin-theme-rollback.php:30

actionadmin_enqueue_scriptsadmin\modules\core\class-plugin-theme-rollback.php:31

filterplugin_action_linksadmin\modules\core\class-plugin-theme-rollback.php:32

filtertheme_action_linksadmin\modules\core\class-plugin-theme-rollback.php:33

filterwp_prepare_themes_for_jsadmin\modules\core\class-plugin-theme-rollback.php:35

actionadmin_menuadmin\modules\core\class-plugin-theme-rollback.php:36

actioninitadmin\modules\core\class-post-per-page.php:27

actionadmin_menuadmin\modules\core\class-post-per-page.php:28

actionadmin_initadmin\modules\core\class-post-per-page.php:29

actionpre_get_postsadmin\modules\core\class-post-per-page.php:30

actiontemplate_redirectadmin\modules\core\class-prevent-user-enumeration.php:17

filterauthor_linkadmin\modules\core\class-prevent-user-enumeration.php:18

actioninitadmin\modules\core\class-prevent-user-enumeration.php:19

filterrest_request_before_callbacksadmin\modules\core\class-prevent-user-enumeration.php:20

actioninitadmin\modules\core\class-protect-website-headers.php:28

actionadmin_menuadmin\modules\core\class-protect-website-headers.php:29

actionadmin_initadmin\modules\core\class-protect-website-headers.php:30

filterwpmastertoolkit_nginx_code_snippetsadmin\modules\core\class-protect-website-headers.php:31

filterwp_headersadmin\modules\core\class-protect-website-headers.php:32

actionwp_headadmin\modules\core\class-publish-missed-schedule-posts.php:19

actionadmin_headadmin\modules\core\class-publish-missed-schedule-posts.php:20

actionadmin_enqueue_scriptsadmin\modules\core\class-quick-add-post.php:17

filterwpadmin\modules\core\class-redirect-404-home.php:16

actioninitadmin\modules\core\class-redirect-after-login.php:26

actionadmin_menuadmin\modules\core\class-redirect-after-login.php:27

actionadmin_initadmin\modules\core\class-redirect-after-login.php:28

filterwp_loginadmin\modules\core\class-redirect-after-login.php:29

actioninitadmin\modules\core\class-redirect-after-logout.php:26

actionadmin_menuadmin\modules\core\class-redirect-after-logout.php:27

actionadmin_initadmin\modules\core\class-redirect-after-logout.php:28

actionwp_logoutadmin\modules\core\class-redirect-after-logout.php:29

actioninitadmin\modules\core\class-register-custom-content-types.php:72

actionadd_meta_boxesadmin\modules\core\class-register-custom-content-types.php:75

actionadmin_enqueue_scriptsadmin\modules\core\class-register-custom-content-types.php:76

filteradmin_body_classadmin\modules\core\class-register-custom-content-types.php:77

filterwp_sitemaps_post_typesadmin\modules\core\class-register-custom-content-types.php:78

actionedit_form_topadmin\modules\core\class-register-custom-content-types.php:79

actionbefore_delete_postadmin\modules\core\class-register-custom-content-types.php:82

actionwp_trash_postadmin\modules\core\class-register-custom-content-types.php:83

filterwpmastertoolkit/foldersadmin\modules\core\class-register-custom-content-types.php:85

actionadmin_footeradmin\modules\core\class-register-custom-content-types.php:87

filtercron_schedulesadmin\modules\core\class-register-custom-content-types.php:90

actionadmin_menuadmin\modules\core\class-register-custom-content-types.php:98

actionsubmenu_fileadmin\modules\core\class-register-custom-content-types.php:99

actioninitadmin\modules\core\class-revisions-control.php:25

actionadmin_menuadmin\modules\core\class-revisions-control.php:26

actionadmin_initadmin\modules\core\class-revisions-control.php:27

filterwp_revisions_to_keepadmin\modules\core\class-revisions-control.php:28

actioninitadmin\modules\core\class-search-replace-in-database.php:35

actionadmin_menuadmin\modules\core\class-search-replace-in-database.php:36

actioninitadmin\modules\core\class-smtp-mailer.php:88

actionadmin_menuadmin\modules\core\class-smtp-mailer.php:89

actionadmin_initadmin\modules\core\class-smtp-mailer.php:90

actioninitadmin\modules\core\class-smtp-mailer.php:92

actionadmin_initadmin\modules\core\class-smtp-mailer.php:93

filterwp_mail_fromadmin\modules\core\class-smtp-mailer.php:94

filterwp_mail_from_nameadmin\modules\core\class-smtp-mailer.php:95

actionphpmailer_initadmin\modules\core\class-smtp-mailer.php:96

actionplugins_loadedadmin\modules\core\class-smtp-mailer.php:97

filterwp_check_filetype_and_extadmin\modules\core\class-svg-upload.php:19

filterupload_mimesadmin\modules\core\class-svg-upload.php:20

filterwp_handle_upload_prefilteradmin\modules\core\class-svg-upload.php:21

actioninitadmin\modules\core\class-temporary-login.php:41

actionadmin_menuadmin\modules\core\class-temporary-login.php:42

actionadmin_initadmin\modules\core\class-temporary-login.php:43

filterwp_authenticate_useradmin\modules\core\class-temporary-login.php:46

actioninitadmin\modules\core\class-temporary-login.php:49

filtereditable_rolesadmin\modules\core\class-temporary-login.php:58

filtermap_meta_capadmin\modules\core\class-temporary-login.php:59

actionwpmtk_delete_expired_temp_usersadmin\modules\core\class-temporary-login.php:62

actionadmin_enqueue_scriptsadmin\modules\core\class-temporary-login.php:74

actioninitadmin\modules\core\class-wider-admin-menu.php:26

actionadmin_menuadmin\modules\core\class-wider-admin-menu.php:27

actionadmin_initadmin\modules\core\class-wider-admin-menu.php:28

actionadmin_headadmin\modules\core\class-wider-admin-menu.php:29

actionplugins_loadedincludes\class-wp-mastertoolkit.php:169

actionadmin_enqueue_scriptsincludes\class-wp-mastertoolkit.php:183

actionadmin_menuincludes\class-wp-mastertoolkit.php:184

actionadmin_initincludes\class-wp-mastertoolkit.php:185

actioninitincludes\class-wp-mastertoolkit.php:186

actioninitincludes\class-wp-mastertoolkit.php:187

actionwpmastertoolkit_daily_regenerate_assetsincludes\class-wp-mastertoolkit.php:188

actioninitincludes\class-wp-mastertoolkit.php:193

actionadmin_enqueue_scriptsincludes\class-wp-mastertoolkit.php:194

actionwpmastertoolkit_licensing/after_submit_sectionincludes\class-wp-mastertoolkit.php:195

actionwpmastertoolkit_licensing/license_activatedincludes\class-wp-mastertoolkit.php:196

actionwpmastertoolkit_licensing/license_deactivatedincludes\class-wp-mastertoolkit.php:197

actionadmin_noticeslicensing\src\Client.php:232

actionadmin_noticeslicensing\src\Client.php:254

actionadmin_menulicensing\src\Settings.php:75

filterplugins_apilicensing\src\Updater.php:49

Scheduled Events 2

wpmastertoolkit_daily_regenerate_assets

wpmtk_delete_expired_temp_users

Maintenance & Trust

WPMasterToolKit (WPMTK) – All in one plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version7.4

Downloads51K

Community Trust

Rating100/100

Number of ratings26

Active installs4K

Alternatives

WPMasterToolKit (WPMTK) – All in one plugin Alternatives

Admin Optimizer

admin-optimizer

100

SMTP Email, Two-factor Authentication, Custom Post Status, SVG File upload, Custom Login URL, Limit Login Attempts, Lock Modified Date, Database clean …

10 No CVEs

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

Admin Menu Editor

admin-menu-editor

Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.

400K 2 CVEs

InfiniteWP Client

iwp-client

Install this plugin on unlimited sites and manage them all from a central dashboard. This plugin communicates with your InfiniteWP Admin Panel.

200K 7 CVEs

WP Ghost (Hide My WP Ghost) – Security & Firewall

hide-my-wp

Hide and Secure WP paths, wp-login, wp-admin, and more. Hack Prevention, Security, Brute Force protection, 8G Firewall, 2FA Passkey Login, and more.

100K 7 CVEs

Developer Profile

WPMasterToolKit (WPMTK) – All in one plugin Developer Profile

Ludwig You

6 plugins · 13K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect WPMasterToolKit (WPMTK) – All in one plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpmastertoolkit/admin/assets/build/core/settings.css/wp-content/plugins/wpmastertoolkit/admin/assets/build/core/settings.js/wp-content/plugins/wpmastertoolkit/admin/assets/build/core/global-admin.css/wp-content/plugins/wpmastertoolkit/admin/assets/build/core/global-admin.js

Script Paths

/wp-content/plugins/wpmastertoolkit/admin/assets/build/core/settings.js/wp-content/plugins/wpmastertoolkit/admin/assets/build/core/global-admin.js

Version Parameters

wpmastertoolkit/admin/assets/build/core/settings.css?ver=wpmastertoolkit/admin/assets/build/core/settings.js?ver=wpmastertoolkit/admin/assets/build/core/global-admin.css?ver=wpmastertoolkit/admin/assets/build/core/global-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpmastertoolkit-admin-svg

Data Attributes

id="toplevel_page_wp-mastertoolkit-settings"

JS Globals

wpmastertoolkit_settingswpmastertoolkit_settings_ajaxwpmtk_global_admin_object

FAQ

WPMasterToolKit (WPMTK) – All in one plugin Security & Risk Analysis

Is WPMasterToolKit (WPMTK) – All in one plugin Safe to Use in 2026?

Generally Safe

Key Concerns

WPMasterToolKit (WPMTK) – All in one plugin Security Vulnerabilities

CVEs by Year

Severity Breakdown

WPMasterToolKit (WPMTK) – All in one plugin Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

WPMasterToolKit (WPMTK) – All in one plugin Attack Surface

AJAX Handlers 22

Shortcodes 3

Scheduled Events 2

WPMasterToolKit (WPMTK) – All in one plugin Maintenance & Trust

Maintenance Signals

Community Trust

WPMasterToolKit (WPMTK) – All in one plugin Alternatives

Admin Optimizer

Loginizer

Admin Menu Editor

InfiniteWP Client

WP Ghost (Hide My WP Ghost) – Security & Firewall

WPMasterToolKit (WPMTK) – All in one plugin Developer Profile

How We Detect WPMasterToolKit (WPMTK) – All in one plugin

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WPMasterToolKit (WPMTK) – All in one plugin