Does Xolo Websites have any unpatched vulnerabilities?

No. All known vulnerabilities in Xolo Websites have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Xolo Websites compatible with WordPress 6.1.10?

According to WordPress.org data, Xolo Websites 1.6 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is Xolo Websites compatible with PHP 5.6+?

Xolo Websites requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Xolo Websites updated?

Xolo Websites was last updated on Mar 21, 2023. Frequent updates are generally a positive security signal.

What is Xolo Websites's security score?

Xolo Websites has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Xolo Websites Security & Risk Analysis

wordpress.org/plugins/xolo-websites

FREE TEMPLATES FOR ELEMENTOR PAGE BUILDER

100 active installs v1.6 PHP 5.6+ WP 5.0+ Updated Mar 21, 2023

demoelementorimportsettingsxolo-websites

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Xolo Websites Safe to Use in 2026?

Generally Safe

Score 85/100

Xolo Websites has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The xolo-websites v1.6 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping almost all output. The absence of known vulnerabilities (CVEs) and the lack of critical or high-severity taint flows are also encouraging signs. This suggests a developer who is mindful of common web security pitfalls.

However, significant concerns arise from the substantial attack surface exposed through AJAX handlers. With 7 total AJAX handlers, 5 of which lack authentication checks, there's a high potential for unauthorized actions if these endpoints are not sufficiently secured. Additionally, the presence of the `unserialize` function, without visible sanitization or validation of its input in the provided data, poses a risk of deserialization vulnerabilities. While taint analysis shows no current issues, the potential for exploitation remains, especially if the unserialized data comes from an untrusted source.

In conclusion, while the plugin has strengths in data handling and output sanitization, the unsecured AJAX endpoints and the `unserialize` function represent notable weaknesses that could be exploited. The lack of vulnerability history is positive, but it doesn't negate the inherent risks identified in the code analysis.

Key Concerns

Unprotected AJAX handlers
Use of unserialize without apparent sanitization

Vulnerabilities

None known

Xolo Websites Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Xolo Websites Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

63 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$data = unserialize( $raw );inc\CustomizerImporter.php:87

Output Escaping

98% escaped64 total outputs

Attack Surface

5 unprotected

Xolo Websites Attack Surface

Entry Points7

Unprotected5

AJAX Handlers 7

authwp_ajax_xolo-websiteinc\classes\xolo-websites-notices.php:58

authwp_ajax_xolo-websites-activate-themeinc\XoloWebDemoImport.php:108

authwp_ajax_XOLO_WEB_import_demo_datainc\XoloWebDemoImport.php:111

authwp_ajax_XOLO_WEB_import_customizer_datainc\XoloWebDemoImport.php:112

authwp_ajax_XOLO_WEB_after_import_datainc\XoloWebDemoImport.php:113

authwp_ajax_xolo-websites-activate-themexolo-websites.php:40

authwp_ajax_xolo_web_install_act_pluginxolo-websites.php:194

WordPress Hooks 24

actionadmin_noticesinc\classes\xolo-websites-notices.php:56

actionadmin_enqueue_scriptsinc\classes\xolo-websites-notices.php:57

actionXOLO-WEBSITES/before_content_import_executioninc\ImportActions.php:17

actionXOLO-WEBSITES/after_content_import_executioninc\ImportActions.php:20

actionXOLO-WEBSITES/after_content_import_executioninc\ImportActions.php:21

actionXOLO-WEBSITES/after_content_import_executioninc\ImportActions.php:22

actionXOLO-WEBSITES/customizer_import_executioninc\ImportActions.php:25

actionXOLO-WEBSITES/after_all_import_executioninc\ImportActions.php:28

actionXOLO-WEBSITES/widget_settings_arrayinc\ImportActions.php:32

filterwxr_importer.pre_process.userinc\Importer.php:124

filterwxr_importer.pre_process.postinc\Importer.php:127

filterintermediate_image_sizes_advancedinc\Importer.php:131

filterXOLO-WEBSITES/time_for_one_ajax_callinc\WPCLICommands.php:190

filterwxr_importer.pre_process.terminc\WXRImporter.php:28

actionadmin_noticesinc\XoloWebDemoImport.php:106

actionadmin_noticesinc\XoloWebDemoImport.php:107

actionadmin_menuinc\XoloWebDemoImport.php:109

actionadmin_enqueue_scriptsinc\XoloWebDemoImport.php:110

actionafter_setup_themeinc\XoloWebDemoImport.php:114

actionplugins_loadedinc\XoloWebDemoImport.php:115

filterXOLO-WEBSITES/import_filesxolo-websites.php:62

actionXOLO-WEBSITES/after_importxolo-websites.php:86

actionadmin_noticesxolo-websites.php:128

actionadmin_initxolo-websites.php:175

Maintenance & Trust

Xolo Websites Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedMar 21, 2023

PHP min version5.6

Downloads14K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Xolo Websites Alternatives

Xolo Addon

xolo-addon

Xolo Addon gives you attractive Elementor widget to your websites. Its perfect test for Xolo Theme, But You can use for another theme also Astra, Sina …

40 No CVEs

aThemes Starter Sites

athemes-starter-sites

We've got a full and ever-growing library stocked with ready-made templates for any kind of business.

40K 1 CVE

Demo Importer Plus

demo-importer-plus

Import the demo content, widgets, customizer settings and theme settings with a single click without any hassle.

10K 5 CVEs

Popularis Extra

popularis-extra

Popularis Extra add extra features to Popularis theme like demo import, widgets, shortcodes or Elementor widgets.

8K 1 unpatched

Catch Themes Demo Import

catch-themes-demo-import

Catch Themes Demo Import is a simple and easy-to-use demo importer WordPress plugin that allows you to import the theme demo data Based on One Click D …

6K 2 CVEs

Developer Profile

Xolo Websites Developer Profile

Xolo Software

4 plugins · 210 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Xolo Websites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xolo-websites/assets/css/xolo-web-style.css/wp-content/plugins/xolo-websites/assets/js/xolo-web-script.js

Script Paths

/wp-content/plugins/xolo-websites/vendor/autoload.php

HTML / DOM Fingerprints

CSS Classes

xolo-web-main-wrapperxolo-web-demos-listxolo-web-import-button

HTML Comments

+10 more

Data Attributes

data-plugin-slug="xolo-websites"data-action="xolo-websites-activate-theme"data-nonce="<?php echo wp_create_nonce( 'xolo-websites' ); ?>"

JS Globals

window.xolo_web_ajax_objectvar XOLO_WEB_PLUGIN_STATE

REST Endpoints

/wp-json/xolo-websites/v1/activate-theme

Shortcode Output

[xolo_web_demo_importer]

FAQ