WP-Safety

Admin Help Docs Security & Risk Analysis

wordpress.org/plugins/admin-help-docs

Site developers and operators can easily create help documentation and notices for the admin area.

400 active installs v1.4.3.2 PHP 7.4+ WP 5.9+ Updated Jan 26, 2026
admindocumentationhelphow-toinstructions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Admin Help Docs Safe to Use in 2026?

Generally Safe

Score 100/100

Admin Help Docs has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "admin-help-docs" plugin v1.4.3.2 presents a generally positive security posture, demonstrating good practices in several key areas. The absence of known CVEs and a clean vulnerability history suggest a history of stable and secure development. The plugin also shows strength in its handling of SQL queries, exclusively using prepared statements, and a very high percentage of properly escaped output, minimizing risks of injection and cross-site scripting vulnerabilities. The presence of nonce and capability checks on entry points further enhances its security.

However, the static analysis does reveal potential areas for concern. The presence of 11 instances of the `unserialize` function is a significant red flag, as unserialization of untrusted input can lead to arbitrary object injection vulnerabilities. While the taint analysis did not reveal any unsanitized flows in this specific version, the inherent risk of `unserialize` remains. Additionally, the plugin performs file operations and makes external HTTP requests, which, if not handled with utmost care, could introduce vulnerabilities. The limited number of entry points and the fact that they are protected is a positive sign, but the overall risk is elevated by the reliance on `unserialize`.

In conclusion, while the plugin has a strong track record and good security fundamentals like prepared statements and output escaping, the use of `unserialize` introduces a notable risk that should not be overlooked. The absence of historical vulnerabilities is encouraging, but the potential for a critical issue stemming from `unserialize` remains. Users should be aware of this specific concern and ensure that any input processed by `unserialize` is rigorously validated and sanitized.

Key Concerns

  • Use of unserialize function
Vulnerabilities
None known

Admin Help Docs Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Admin Help Docs Code Analysis

Dangerous Functions
11
Raw SQL Queries
0
0 prepared
Unescaped Output
13
746 escaped
Nonce Checks
7
Capability Checks
2
File Operations
1
External Requests
5
Bundled Libraries
0

Dangerous Functions Found

unserialize$returned_object = unserialize( wp_remote_retrieve_body( $response ) );includes\admin\functions.php:650
unserialize$post_types = unserialize( $doc->$post_types_var );includes\classes\class-documentation.php:443
unserialize$post_types = unserialize( get_post_meta( $post->ID, HELPDOCS_GO_PF.'post_types', true ) );includes\classes\class-documentation.php:520
unserialize$post_types = unserialize( $post_types );includes\classes\class-documentation.php:1342
unserialize$post_types = unserialize( $post_types );includes\classes\class-documentation.php:1588
unserialize$post_types = unserialize( $doc->$post_types_var );includes\classes\class-documentation.php:1845
unserialize$selected_docs = unserialize( $selected_docs );includes\classes\class-imports.php:295
unserialize$selected_tocs = unserialize( $selected_tocs );includes\classes\class-imports.php:305
unserialize$values = unserialize( $value[0] );includes\classes\class-user-profile.php:108
unserialize$values = unserialize( $value[0] );includes\classes\class-user-profile.php:179
unserialize$values = unserialize( $value[0] );includes\classes\class-user-profile.php:254

Output Escaping

98% escaped759 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
update_order (includes\classes\class-documentation.php:2014)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Admin Help Docs Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[dont_do_shortcode] includes\classes\class-documentation.php:172
[helpdocs_css] includes\classes\class-documentation.php:178
WordPress Hooks 49
actionadmin_initadmin-help-docs.php:59
actionadmin_noticesadmin-help-docs.php:62
filterplugin_row_metaincludes\admin\admin-area.php:33
actionadmin_initincludes\admin\global-options.php:100
filterparent_fileincludes\admin\menu.php:45
filterwp_kses_allowed_htmlincludes\admin\option-documentation.php:715
filterkses_allowed_protocolsincludes\class-admin-help-docs.php:41
actionadmin_footer_textincludes\class-admin-help-docs.php:45
actionupdate_footerincludes\class-admin-help-docs.php:50
actionadmin_enqueue_scriptsincludes\class-admin-help-docs.php:96
actionadmin_bar_menuincludes\classes\class-admin-bar.php:31
filtercustom_menu_orderincludes\classes\class-admin-menu.php:28
actionadmin_menuincludes\classes\class-admin-menu.php:29
filtermenu_orderincludes\classes\class-admin-menu.php:30
filteradmin_body_classincludes\classes\class-admin-menu.php:31
actionadmin_enqueue_scriptsincludes\classes\class-admin-menu.php:32
actionrest_api_initincludes\classes\class-api.php:58
actionwp_dashboard_setupincludes\classes\class-dashboard-toc.php:39
actioninitincludes\classes\class-documentation.php:15
filteruse_block_editor_for_post_typeincludes\classes\class-documentation.php:119
actionadmin_enqueue_scriptsincludes\classes\class-documentation.php:123
actionload-edit.phpincludes\classes\class-documentation.php:126
actionload-edit-tags.phpincludes\classes\class-documentation.php:127
actionadd_meta_boxesincludes\classes\class-documentation.php:130
filtergettextincludes\classes\class-documentation.php:133
actionsave_postincludes\classes\class-documentation.php:136
actionpre_get_postsincludes\classes\class-documentation.php:144
actionwp_dashboard_setupincludes\classes\class-documentation.php:147
actionadmin_headincludes\classes\class-documentation.php:150
actionadmin_footerincludes\classes\class-documentation.php:153
actionadmin_enqueue_scriptsincludes\classes\class-documentation.php:157
actionadmin_enqueue_scriptsincludes\classes\class-documentation.php:160
actioncreate_termincludes\classes\class-documentation.php:163
actionrestrict_manage_postsincludes\classes\class-documentation.php:166
actionpre_get_postsincludes\classes\class-documentation.php:169
actionedit_form_after_titleincludes\classes\class-documentation.php:175
actionall_admin_noticesincludes\classes\class-documentation.php:381
actionadmin_noticesincludes\classes\class-documentation.php:1671
actionadmin_noticesincludes\classes\class-documentation.php:1728
actionadmin_enqueue_scriptsincludes\classes\class-documentation.php:2359
filtergform_custom_merge_tagsincludes\classes\class-gf-mergetags.php:44
actioninitincludes\classes\class-imports.php:18
actionload-edit.phpincludes\classes\class-imports.php:56
actionadd_meta_boxesincludes\classes\class-imports.php:59
actionsave_postincludes\classes\class-imports.php:62
actionall_admin_noticesincludes\classes\class-imports.php:148
actionedit_user_profileincludes\classes\class-user-profile.php:31
actionshow_user_profileincludes\classes\class-user-profile.php:34
actioninitincludes\classes\_class-TEMPLATE.php:17
Maintenance & Trust

Admin Help Docs Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 26, 2026
PHP min version7.4
Downloads10K

Community Trust

Rating100/100
Number of ratings8
Active installs400
Alternatives

Admin Help Docs Alternatives

Admin Expert Mode

Admin Expert Mode

admin-expert-mode

A
85

Allows users to hide inline documentation and help text that are geared for beginning users in the WordPress admin.

20 No CVEs
Admin Documentation

Admin Documentation

admin-documentation

A
100

Adds a simple documentation page to your WordPress admin to keep instructions, notes, and other helpful information for maintaining your website.

0 No CVEs
WP Help Docs

WP Help Docs

ilab-docs

A
85

Directly integrate markdown based help documentation for your WordPress theme or plugin into the WordPress admin for your end users and clients.

0 No CVEs
WP Help

WP Help

wp-help

A
92

Site operators can create detailed, hierarchical documentation for the site's authors, editors, and contributors, viewable in the WordPress admin …

10K No CVEs
EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder

EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder

eazydocs

A
91

Build professional knowledge bases with unlimited docs, drag-and-drop editor, live search, and SEO optimization.

2K 9 CVEs
Developer Profile

Admin Help Docs Developer Profile

PluginRx

12 plugins · 2K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
10 days
View full developer profile
Detection Fingerprints

How We Detect Admin Help Docs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-help-docs/includes/admin/css/helpdocs-admin.css/wp-content/plugins/admin-help-docs/includes/admin/js/helpdocs-admin.js/wp-content/plugins/admin-help-docs/includes/admin/js/helpdocs-admin-scripts.js
Script Paths
includes/admin/js/helpdocs-admin.jsincludes/admin/js/helpdocs-admin-scripts.js
Version Parameters
admin-help-docs/includes/admin/css/helpdocs-admin.css?ver=admin-help-docs/includes/admin/js/helpdocs-admin.js?ver=admin-help-docs/includes/admin/js/helpdocs-admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
helpdocs-admin-wrap
HTML Comments
<!-- Admin Help Docs -->
Data Attributes
data-helpdocs-pagedata-helpdocs-tab
JS Globals
helpdocs_admin_params
FAQ

Frequently Asked Questions about Admin Help Docs