Admin Command Palette Security & Risk Analysis

wordpress.org/plugins/admin-command-palette

Optimize WordPress admin navigation with a modal window to search for and navigate directly to WordPress admin pages.

70 active installs v1.0.2 PHP + WP 3.0.1+ Updated May 1, 2017
actions, admin, navigation, search, ux
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Admin Command Palette Safe to Use in 2026?

Generally Safe

Score 85/100

Admin Command Palette has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The 'admin-command-palette' plugin v1.0.2 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and having no recorded vulnerabilities or dangerous functions, significant concerns arise from its attack surface and output handling. The plugin exposes one AJAX handler that lacks any authentication or capability checks, creating a direct entry point for potential attackers. Furthermore, a concerning 100% of its output operations are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if any user-supplied data is reflected directly to the browser without sanitization. The absence of taint analysis findings and vulnerability history is positive, suggesting that any past issues have been addressed or that the plugin's functionality doesn't typically lend itself to common complex vulnerabilities. However, the identified unprotected AJAX endpoint and the widespread unescaped output represent clear and actionable security risks that need immediate attention to improve the overall security of the plugin.

Key Concerns

  • Unprotected AJAX handler
  • 0% of outputs properly escaped
Vulnerabilities
None known

Admin Command Palette Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Admin Command Palette Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
14
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

0% escaped · 14 total outputs
Attack Surface
1 unprotected

Admin Command Palette Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth  wp_ajax_acp_gad  includes\class-cnp_acp.php:188
WordPress Hooks 15
action  plugins_loaded  includes\class-cnp_acp.php:159
action  admin_init  includes\class-cnp_acp.php:182
action  admin_init  includes\class-cnp_acp.php:183
action  admin_init  includes\class-cnp_acp.php:184
action  admin_init  includes\class-cnp_acp.php:185
action  admin_menu  includes\class-cnp_acp.php:186
action  admin_footer  includes\class-cnp_acp.php:190
action  admin_enqueue_scripts  includes\class-cnp_acp.php:192
action  admin_enqueue_scripts  includes\class-cnp_acp.php:193
action  activated_plugin  includes\class-cnp_acp.php:195
action  deactivated_plugin  includes\class-cnp_acp.php:196
action  wp_insert_post  includes\class-cnp_acp.php:197
action  wp_trash_post  includes\class-cnp_acp.php:198
action  created_term  includes\class-cnp_acp.php:199
action  delete_term  includes\class-cnp_acp.php:200
Maintenance & Trust

Admin Command Palette Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: May 1, 2017
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 70
Developer Profile

Admin Command Palette Developer Profile

jhned

1 plugin · 70 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect Admin Command Palette

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-command-palette/admin/css/acp-admin.css
/wp-content/plugins/admin-command-palette/admin/js/admin.min.js
Script Paths
/wp-content/plugins/admin-command-palette/admin/js/admin.min.js
Version Parameters
admin-command-palette/admin/css/acp-admin.css?ver=
admin-command-palette/admin/js/admin.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-search-results-group-by-type
JS Globals
acp_user_options
acpAjax
REST Endpoints
/wp-json/acp/v1/search
FAQ

Frequently Asked Questions about Admin Command Palette