Does ZeroWP OneClick Presets have any unpatched vulnerabilities?

No. All known vulnerabilities in ZeroWP OneClick Presets have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ZeroWP OneClick Presets compatible with WordPress 5.3.0?

According to WordPress.org data, ZeroWP OneClick Presets 1.1.0 has been tested up to WordPress 5.3.0. Check the plugin's changelog for the latest compatibility information.

How often is ZeroWP OneClick Presets updated?

ZeroWP OneClick Presets was last updated on Sep 12, 2019. Frequent updates are generally a positive security signal.

What is ZeroWP OneClick Presets's security score?

ZeroWP OneClick Presets has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ZeroWP OneClick Presets Security & Risk Analysis

wordpress.org/plugins/zerowp-oneclick-presets

Backup, Import, Export, Live Preview a set of settings from WP customizer

10 active installs v1.1.0 PHP + WP 4.7+ Updated Sep 12, 2019

backupcustomizeexportimportpreset

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ZeroWP OneClick Presets Safe to Use in 2026?

Generally Safe

Score 85/100

ZeroWP OneClick Presets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "zerowp-oneclick-presets" v1.1.0 plugin presents significant security concerns primarily due to its unprotected AJAX handlers. The static analysis reveals a considerable attack surface with 5 AJAX handlers, all of which lack authentication checks. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure depending on the handler's functionality.

While the plugin demonstrates good practices in using prepared statements for SQL queries and has no known CVEs, the lack of input sanitization in taint flows and insufficient output escaping are notable weaknesses. The presence of 4 taint flows with unsanitized paths, even without critical or high severity flags, warrants attention as it suggests potential for unexpected behavior or vulnerabilities when user-controlled data is processed. The absence of nonce checks further exacerbates the risk associated with the unprotected AJAX endpoints.

Overall, the plugin's security posture is weakened by its exposed AJAX endpoints. The lack of known vulnerabilities might indicate a lack of targeted exploitation or an assumption of secure usage, but the code analysis clearly points to areas that need immediate attention to mitigate potential risks.

Key Concerns

5 AJAX handlers without auth checks
4 flows with unsanitized paths
39% improperly escaped output
0 Nonce checks
0 Capability checks

Vulnerabilities

None known

ZeroWP OneClick Presets Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ZeroWP OneClick Presets Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

17 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

61% escaped28 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

_ajaxCreatePreset (engine\Ajax.class.php:30)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

ZeroWP OneClick Presets Attack Surface

Entry Points5

Unprotected5

AJAX Handlers 5

authwp_ajax_zwpocp_presets_use_presetengine\Ajax.class.php:23

authwp_ajax_zwpocp_presets_create_presetengine\Ajax.class.php:24

authwp_ajax_zwpocp_presets_delete_presetengine\Ajax.class.php:25

authwp_ajax_zwpocp_presets_import_presetengine\Ajax.class.php:26

authwp_ajax_zwpocp_presets_download_presetengine\Ajax.class.php:27

WordPress Hooks 17

actioncustomize_controls_enqueue_scriptscomponents\ScriptsAndStyles\component.php:7

actionwp_enqueue_scriptscomponents\ScriptsAndStyles\component.php:34

filterupload_mimescomponents\SetupSystem\component.php:8

actioncustomize_registercomponents\SetupSystem\component.php:16

actionafter_setup_themeengine\Cookie.class.php:9

actionafter_setup_themeengine\Cookie.class.php:10

actiontemplate_redirectengine\Cookie.class.php:11

actionadmin_bar_menuengine\Cookie.class.php:12

actionwp_footerengine\Cookie.class.php:13

actionwp_footerengine\Cookie.class.php:14

actionafter_setup_themeengine\Filter.class.php:14

filteroption_show_on_frontengine\Filter.class.php:26

filteroption_page_on_frontengine\Filter.class.php:27

filteroption_sidebars_widgetsengine\Filter.class.php:29

actionadmin_menuwarnings\abstract-warning.php:10

actionadmin_enqueue_scriptswarnings\abstract-warning.php:11

actionplugins_loadedzerowp-oneclick-presets.php:133

Maintenance & Trust

ZeroWP OneClick Presets Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.0

Last updatedSep 12, 2019

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

ZeroWP OneClick Presets Alternatives

Customizer Backup & Reset

customizer-reset-by-wpzoom

100

Reset theme customizations made via WordPress Customizer with backup, export, and import features.

8K No CVEs

All-in-One WP Migration and Backup

all-in-one-wp-migration

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs

Customizer Export/Import

customizer-export-import

Easily export or import your WordPress customizer settings!

100K 3 CVEs

Import / Export Customizer Settings

astra-import-export

100

Astra theme customizer offers several settings for header/footer layout, sidebar and blog designs, colors, backgrounds, typography and much more.

50K 1 CVE

Export Import Menus

export-import-menus

A plugin that lets you export and import your WordPress menus in our own website under Appearance section to Export/Import Menus.

10K 2 CVEs

Developer Profile

ZeroWP OneClick Presets Developer Profile

Andrei Surdu

5 plugins · 10K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ZeroWP OneClick Presets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zerowp-oneclick-presets/css/styles-admin.css/wp-content/plugins/zerowp-oneclick-presets/js/config-admin.js/wp-content/plugins/zerowp-oneclick-presets/css/styles.css/wp-content/plugins/zerowp-oneclick-presets/js/config.js

Script Paths

/wp-content/plugins/zerowp-oneclick-presets/js/config-admin.js/wp-content/plugins/zerowp-oneclick-presets/js/config.js

HTML / DOM Fingerprints

JS Globals

zwpocp_presets

FAQ