toolbox百宝箱 Security & Risk Analysis

wordpress.org/plugins/wzbaibaoxiang

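Includes sticky (pin-to-top), web page pet, mourning mode, copy blocking, view-source blocking, danmaku (bullet comments), WP optimization, media categories, preloading, scheduled publishing, online customer service, message board, mobile customer service, site background, announcements, marquee, watermark, sharing, tipping, poster images, ads, database management, and image loading effects.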

200 active installs · v1.0.6 · PHP + · WP 4.8+ · Updated Mar 2, 2026
message board · announcements · customer service · ads · poster images
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is toolbox百宝箱 Safe to Use in 2026?

Generally Safe

Score 100/100

toolbox百宝箱 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "wzbaibaoxiang" v1.0.6 plugin exhibits a generally strong security posture based on the provided static analysis. The plugin has a significant number of AJAX handlers, but importantly, all of them appear to have authentication checks, which is a critical security measure. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for a high percentage of its SQL queries and includes a substantial number of nonce checks. The absence of dangerous functions, file operations, and critical or high-severity taint flows is also a positive indicator. The vulnerability history is entirely clean, with no recorded CVEs, which suggests a well-maintained and secure development history.

However, a notable area for potential improvement lies in output escaping, where 39% of outputs are not properly escaped. While no immediate critical vulnerabilities are indicated by the current data, unescaped output can lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in those outputs. The plugin also makes external HTTP requests, which, while not inherently a vulnerability, represent an area where an attacker could potentially leverage a vulnerability in an external service or exploit a weakness in how these requests are handled within the plugin.

Key Concerns

  • Outputs not properly escaped
Vulnerabilities
None known

toolbox百宝箱 Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

toolbox百宝箱 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (31 prepared)
Unescaped Output: 124 (195 escaped)
Nonce Checks: 42
Capability Checks: 3
File Operations: 0
External Requests: 7
Bundled Libraries: 0

SQL Query Safety

89% prepared · 35 total queries

Output Escaping

61% escaped · 319 total outputs
Data Flows
All sanitized

Data Flow Analysis

8 flows
<media> (inc\media.php:0)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

toolbox百宝箱 Attack Surface

Entry Points: 43
Unprotected: 0

AJAX Handlers 43

auth · wp_ajax_save-attachment-compat · inc\media.php:14
auth · wp_ajax_websitebox_get_vip · inc\post.php:5
auth · wp_ajax_websitebox_vip · inc\post.php:6
auth · wp_ajax_websitebox_changgui · inc\post.php:8
auth · wp_ajax_websitebox_get_changgui · inc\post.php:9
auth · wp_ajax_websitebox_youhua · inc\post.php:10
auth · wp_ajax_websitebox_get_youhua · inc\post.php:11
auth · wp_ajax_websitebox_kefu · inc\post.php:12
auth · wp_ajax_websitebox_get_kefu · inc\post.php:13
auth · wp_ajax_websitebox_shoujikefu · inc\post.php:14
auth · wp_ajax_websitebox_get_shoujikefu · inc\post.php:15
auth · wp_ajax_websitebox_liuyan · inc\post.php:16
auth · wp_ajax_websitebox_get_liuyan · inc\post.php:17
auth · wp_ajax_websitebox_delete_liuyan · inc\post.php:18
auth · wp_ajax_websitebox_liuyan_list · inc\post.php:19
auth · wp_ajax_websitebox_sitebg · inc\post.php:20
auth · wp_ajax_websitebox_get_sitebg · inc\post.php:21
auth · wp_ajax_websitebox_alert · inc\post.php:22
auth · wp_ajax_websitebox_get_alert · inc\post.php:23
auth · wp_ajax_websitebox_scroll · inc\post.php:24
auth · wp_ajax_websitebox_get_scroll · inc\post.php:25
auth · wp_ajax_websitebox_shuiyin · inc\post.php:26
auth · wp_ajax_websitebox_get_shuiyin · inc\post.php:27
auth · wp_ajax_websitebox_sanheyi · inc\post.php:28
auth · wp_ajax_websitebox_get_sanheyi · inc\post.php:29
auth · wp_ajax_websitebox_guanggao · inc\post.php:30
auth · wp_ajax_websitebox_get_guanggao · inc\post.php:31
nopriv · wp_ajax_websitebox_insert_liuyan · inc\post.php:32
auth · wp_ajax_websitebox_insert_liuyan · inc\post.php:33
auth · wp_ajax_websitebox_get_picload · inc\post.php:34
auth · wp_ajax_websitebox_picload · inc\post.php:35
auth · wp_ajax_websitebox_tables · inc\post.php:36
auth · wp_ajax_websitebox_get_gonggao · inc\post.php:37
auth · wp_ajax_websitebox_gonggao_read · inc\post.php:38
auth · wp_ajax_websitebox_tables_jiegou · inc\post.php:39
auth · wp_ajax_websitebox_tables_back · inc\post.php:40
auth · wp_ajax_websitebox_tables_back_list · inc\post.php:41
auth · wp_ajax_websitebox_tables_back_delete · inc\post.php:43
auth · wp_ajax_websitebox_tables_back_get_plan · inc\post.php:45
auth · wp_ajax_websitebox_tables_back_plan · inc\post.php:46
auth · wp_ajax_websitebox_sbtexiao · inc\post.php:48
auth · wp_ajax_websitebox_get_sbtexiao · inc\post.php:49
auth · wp_ajax_websitebox_is_mianze · inc\post.php:50
WordPress Hooks 44
action · websitebox_cronhook1 · inc\back.php:4
action · wp_footer · inc\footer.php:6
action · wp_enqueue_scripts · inc\header.php:6
action · wp_head · inc\header.php:7
action · the_content · inc\header.php:199
action · admin_enqueue_scripts · inc\index.php:10
action · admin_menu · inc\index.php:12
filter · wp_handle_upload · inc\index.php:17
action · init · inc\media.php:8
action · save_post · inc\media.php:9
action · restrict_manage_posts · inc\media.php:10
filter · parse_query · inc\media.php:11
action · print_media_templates · inc\media.php:12
filter · ajax_query_attachments_args · inc\media.php:13
filter · attachment_fields_to_edit · inc\media.php:15
action · init · inc\websitebox_art_cron.php:2
filter · cron_schedules · inc\websitebox_art_cron.php:4
action · websitebox_cronhook · inc\websitebox_art_cron.php:5
action · created_category · inc\youhua.php:42
action · delete_category · inc\youhua.php:43
action · edited_category · inc\youhua.php:44
action · init · inc\youhua.php:45
filter · category_rewrite_rules · inc\youhua.php:48
filter · query_vars · inc\youhua.php:49
filter · request · inc\youhua.php:50
filter · terms_clauses · inc\youhua.php:96
filter · rest_pre_dispatch · inc\youhua.php:122
filter · pre_option_thumbnail_size_w · inc\youhua.php:143
filter · pre_option_thumbnail_size_h · inc\youhua.php:144
filter · pre_option_medium_size_w · inc\youhua.php:145
filter · pre_option_medium_size_h · inc\youhua.php:146
filter · pre_option_large_size_w · inc\youhua.php:147
filter · pre_option_large_size_h · inc\youhua.php:148
filter · intermediate_image_sizes_advanced · inc\youhua.php:155
filter · image_resize_dimensions · inc\youhua.php:162
filter · xmlrpc_methods · inc\youhua.php:182
action · do_feed · inc\youhua.php:190
action · do_feed_rdf · inc\youhua.php:191
action · do_feed_rss · inc\youhua.php:192
action · do_feed_rss2 · inc\youhua.php:193
action · do_feed_atom · inc\youhua.php:194
action · before_delete_post · inc\youhua.php:200
filter · get_avatar · inc\youhua.php:217
filter · locale · inc\youhua.php:222

Scheduled Events 2

websitebox_cronhook1
websitebox_cronhook
Maintenance & Trust

toolbox百宝箱 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version
Downloads: 12K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

toolbox百宝箱 Developer Profile

沃之涛

8 plugins · 1K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 98 days
Detection Fingerprints

How We Detect toolbox百宝箱

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wzbaibaoxiang/inc/backtexiao/js/header.js
/wp-content/plugins/wzbaibaoxiang/inc/backtexiao/js/vsclick.min.js
/wp-content/plugins/wzbaibaoxiang/inc/backtexiao/js/prism.js
/wp-content/plugins/wzbaibaoxiang/inc/css/prism.css
/wp-content/plugins/wzbaibaoxiang/inc/css/font-awesome.min.css
/wp-content/plugins/wzbaibaoxiang/kbn/autoload.js
/wp-content/plugins/wzbaibaoxiang/inc/backtexiao/two/index.js
/wp-content/plugins/wzbaibaoxiang/inc/backtexiao/three/index.js
+7 more
Script Paths
/wp-content/plugins/wzbaibaoxiang/kbn/autoload.js
Version Parameters
wzbaibaoxiang/inc/backtexiao/js/header.js?ver=
wzbaibaoxiang/inc/backtexiao/js/vsclick.min.js?ver=
wzbaibaoxiang/inc/backtexiao/js/prism.js?ver=
wzbaibaoxiang/inc/css/prism.css?ver=
wzbaibaoxiang/inc/css/font-awesome.min.css?ver=
wzbaibaoxiang/kbn/autoload.js?ver=
wzbaibaoxiang/inc/backtexiao/two/index.js?ver=
wzbaibaoxiang/inc/backtexiao/three/index.js?ver=
wzbaibaoxiang/inc/backtexiao/six/index.js?ver=
wzbaibaoxiang/threeAndone/ewm.js?ver=
wzbaibaoxiang/threeAndone/jieping.js?ver=
wzbaibaoxiang/threeAndone/dom-to-image.js?ver=
wzbaibaoxiang/threeAndone/dist/js/social-share.min.js?ver=
wzbaibaoxiang/inc/css/header.css?ver=
wzbaibaoxiang/threeAndone/dist/css/share.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
wztkj_footer_shy_con
wztkj_f_s_btn
JS Globals
php_vars
Shortcode Output
<div class="wztkj_footer_shy_con"><button class="wztkj_f_s_btn" id="wztkj_f_s_c_hb">海报</button><button class="wztkj_f_s_btn" id="wztkj_f_s_c_ds">打赏</button><button class="wztkj_f_s_btn" id="wztkj_f_s_c_fx">分享</button>
FAQ

Frequently Asked Questions about toolbox百宝箱