YITH Proteo Toolkit Security & Risk Analysis

wordpress.org/plugins/yith-proteo-toolkit

"YITH Proteo Toolkit" will help you get the best from your YITH Proteo theme.

2K active installs · v1.3.0 · PHP 7.4+ · WP 5.3+ · Updated Oct 21, 2024
Tags: proteo, toolkit, wizard, yith, yithemes
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is YITH Proteo Toolkit Safe to Use in 2026?

Generally Safe

Score 92/100

YITH Proteo Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "yith-proteo-toolkit" plugin v1.3.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests is positive. Furthermore, all SQL queries are prepared, and a high percentage of output is properly escaped, indicating good sanitization practices. The plugin also implements nonce checks, which are crucial for preventing CSRF attacks. The lack of any known historical CVEs further suggests a commitment to security or a history of responsible development.

However, a notable concern is the complete absence of capability checks for its single AJAX handler. While there are no detected taint flows or unescaped outputs in this specific handler, this oversight creates a potential vulnerability. The handler is listed under Attack Surface as an authenticated wp_ajax_ hook, so the gap is one of authorization: a logged-in user could call the AJAX handler directly without the handler verifying that user's capabilities, potentially leading to unintended actions or information disclosure if the handler performs sensitive operations.

In conclusion, while the plugin demonstrates solid foundational security practices, the missing capability check on the AJAX endpoint is a significant weakness that needs to be addressed. The absence of historical vulnerabilities is a strength, but it does not negate the risk posed by the identified oversight in the current version. Addressing this single point of potential unauthorized access is paramount for improving its overall security.

Key Concerns

  • AJAX handler missing capability check
Vulnerabilities
None known

YITH Proteo Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

YITH Proteo Toolkit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (52 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

91% escaped · 57 total outputs
Attack Surface

YITH Proteo Toolkit Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_yith_proteo_toolkit_module_save includes\class-yith-proteo-toolkit-modules.php:37

Shortcodes 1

[proteo_testimonials] includes\testimonials-module\shortcodes\shortcodes.php:9
WordPress Hooks 24
action init block-patterns\block-patterns.php:77
action init block-patterns\block-patterns.php:102
action yith_proteo_dashboard_additional_sidebar_content includes\class-yith-proteo-toolkit-modules.php:32
action admin_print_scripts includes\class-yith-proteo-toolkit-modules.php:34
action init includes\class-yith-proteo-toolkit-wizard.php:24
action admin_print_styles includes\class-yith-proteo-toolkit-wizard.php:27
action admin_init includes\class-yith-proteo-toolkit-wizard.php:29
action admin_init includes\class-yith-proteo-toolkit-wizard.php:33
filter wizard_regenerate_thumbnails_in_content_import includes\class-yith-proteo-toolkit-wizard.php:35
action get_template_part_wizard/assets/images/spinner includes\class-yith-proteo-toolkit-wizard.php:37
action init includes\class-yith-proteo-toolkit-wizard.php:39
filter woocommerce_prevent_automatic_wizard_redirect includes\class-yith-proteo-toolkit-wizard.php:42
action admin_notices includes\class-yith-proteo-toolkit-wizard.php:54
action admin_init includes\class-yith-proteo-toolkit-wizard.php:55
action load-setup-wizard includes\class-yith-proteo-toolkit-wizard.php:62
action init includes\testimonials-module\block\testimonials-block.php:9
action enqueue_block_editor_assets includes\testimonials-module\block\testimonials-block.php:70
action wp_enqueue_scripts includes\testimonials-module\module.php:34
action add_meta_boxes includes\testimonials-module\post-types\class-proteo-testimonials-metabox.php:112
action save_post includes\testimonials-module\post-types\class-proteo-testimonials-metabox.php:113
action admin_enqueue_scripts includes\testimonials-module\post-types\class-proteo-testimonials-metabox.php:114
action init includes\testimonials-module\post-types\testimonials.php:63
filter enter_title_here includes\testimonials-module\post-types\testimonials.php:65
action init includes\testimonials-module\post-types\testimonials.php:116
Maintenance & Trust

YITH Proteo Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Oct 21, 2024
PHP min version: 7.4
Downloads: 64K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 2K
Developer Profile

YITH Proteo Toolkit Developer Profile

YITHEMES

33 plugins · 1.1M total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 411 days
Detection Fingerprints

How We Detect YITH Proteo Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yith-proteo-toolkit/assets/css/admin.css
/wp-content/plugins/yith-proteo-toolkit/assets/js/admin.js
/wp-content/plugins/yith-proteo-toolkit/assets/js/modules-admin.js
Script Paths
/wp-content/plugins/yith-proteo-toolkit/assets/js/modules-admin.js
/wp-content/plugins/yith-proteo-toolkit/assets/js/admin.js
Version Parameters
yith-proteo-toolkit/assets/css/admin.css?ver=
yith-proteo-toolkit/assets/js/admin.js?ver=
yith-proteo-toolkit/assets/js/modules-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
yith-proteo-toolkit-modules
form-switch
HTML Comments
<!-- <li> <span class="module-name">- Testimonials</span> <span class="form-switch enabled" data-option_id="yith-proteo-toolkit-testimonial"> </span> </li> -->
Data Attributes
data-option_id
JS Globals
yith_proteo_toolkit