Admin Notify Security & Risk Analysis
wordpress.org/plugins/admin-notifyShort Description: Admin Notify sends email notifications when administrator accounts are added, updated, or deleted.
Is Admin Notify Safe to Use in 2026?
Generally Safe
Score 100/100Admin Notify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "admin-notify" plugin v1.0.5 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified dangerous functions, SQL queries executed without prepared statements, unsanitized taint flows, and properly escaped output are all excellent indicators of secure coding practices. Furthermore, the plugin has no recorded vulnerabilities, including CVEs, which suggests a history of diligent security maintenance and a lack of previously discovered exploitable flaws. The presence of a nonce check is a positive sign, although the lack of capability checks on entry points warrants attention.
While the plugin appears secure on the surface with a zero attack surface and no critical or high severity issues identified in taint analysis, the absence of capability checks on all entry points presents a potential area for concern. If any of the zero identified entry points were to become exposed or if a future update introduces them, the lack of proper authorization enforcement could lead to privilege escalation or unauthorized actions. The plugin's history of no vulnerabilities is a significant strength, indicating a low likelihood of immediate risk, but it's crucial to ensure that future development continues to adhere to these secure coding standards, particularly regarding authorization checks.
Key Concerns
- Missing capability checks on entry points
Admin Notify Security Vulnerabilities
Admin Notify Code Analysis
Output Escaping
Data Flow Analysis
Admin Notify Attack Surface
WordPress Hooks 7
Maintenance & Trust
Admin Notify Maintenance & Trust
Maintenance Signals
Community Trust
Admin Notify Alternatives
Password Reset Enforcement
password-reset-enforcement
Easily enforce password reset for WordPress users. Choose to force password changes site-wide, by user and/or by role, to boost your site's security.
Last Login Info Display
last-login-info-display
Track user activity with a detailed "Last Login" and "Login Count" column in the WordPress Users dashboard.
Permanent User Password
permanent-user-password
A light-weight WordPress plugin that empowers administrators to set permanent passwords for users on their websites.
Storm Clean Admin
storm-clean-admin
A modern WordPress plugin to manage inactive users, monitor site activity, and keep your site optimized and secure.
Wordfence Security – Firewall, Malware Scan, and Login Security
wordfence
Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.
Admin Notify Developer Profile
3 plugins · 10 total installs
How We Detect Admin Notify
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
wrapform-table<!-- Add nonce field for security --><!-- Ensure this is the very first line in the file -->name="eliyahna_admin_notify_email"name="eliyahna_admin_notify_nonce"value="<?php echo esc_attr(get_option(ELIYAHNA_ADMIN_NOTIFY_OPTION)); ?>"<h1>Admin Notify Settings</h1><div style="text-align: left; font-size: 14px; margin-bottom: 10px;">בס״ד</div>