WP-Safety

Admin Options Pages Security & Risk Analysis

wordpress.org/plugins/admin-options-pages

Create and edit your own options pages with ease.

600 active installs v0.9.9 PHP 8.0+ WP 5.3+ Updated Dec 3, 2025
admin-options-pagesaopoptionssettingssettings-pages
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 16, 2025
Plugin page Download
Safety Verdict

Is Admin Options Pages Safe to Use in 2026?

Generally Safe

Score 99/100

Admin Options Pages has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 16, 2025Updated 4mo ago
Risk Assessment

The "admin-options-pages" plugin v0.9.9 exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and all output being properly escaped. The absence of file operations and external HTTP requests further strengthens its security. However, a significant concern arises from its attack surface, specifically one unprotected AJAX handler. While taint analysis did not reveal critical or high-severity issues, the presence of unsanitized paths in four flows warrants attention. The plugin's vulnerability history shows one previously disclosed medium-severity Cross-Site Scripting vulnerability, which is thankfully patched. The fact that this vulnerability is in the past suggests the developers have addressed past issues, but it also highlights a historical susceptibility to certain types of attacks.

Key Concerns

  • Unprotected AJAX handler
  • Taint flow with unsanitized path (4 instances)
  • Dangerous function (unserialize)
  • Past medium CVE for XSS
Vulnerabilities
1

Admin Options Pages Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-23905medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Admin Options Pages <= 0.9.7 - Reflected Cross-Site Scripting

Jan 16, 2025 Patched in 0.9.8 (89d)
Code Analysis
Analyzed Mar 16, 2026

Admin Options Pages Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
7 prepared
Unescaped Output
0
167 escaped
Nonce Checks
3
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize($value->page_value);App\Data.php:71
unserialize$item = unserialize($item);App\Data.php:397
unserializereturn unserialize($row->page_value);App\Data.php:490
unserialize$pageValue = unserialize($row->page_value);App\Data.php:500

SQL Query Safety

100% prepared7 total queries

Output Escaping

100% escaped167 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
onSubmitBulkAction (App\Admin\AdminPages\SubpageMaster.php:20)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Admin Options Pages Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_notUsedExistingMenuTitlesApp\Admin\AdminPages\AdminPages.php:41
WordPress Hooks 28
actioninitApp\Admin\AdminPages\AdminPages.php:27
actionadmin_menuApp\Admin\AdminPages\AdminPages.php:37
actionadmin_noticesApp\Admin\AdminPages\AdminPages.php:142
actionadmin_noticesApp\Admin\AdminPages\AdminPages.php:179
actionadmin_initApp\Admin\AdminPages\Settings\Options\Checkbox.php:26
actionwp_loadedApp\Admin\AdminPages\SubpageMaster.php:17
actionadmin_footerApp\Admin\WPListTable.php:153
actionadmin_enqueue_scriptsApp\Enqueue.php:11
actionadmin_initApp\Options\Fields\Checkbox.php:69
actionadmin_initApp\Options\Fields\ColorPicker.php:91
actionadmin_enqueue_scriptsApp\Options\Fields\ColorPicker.php:95
actionadmin_initApp\Options\Fields\Description.php:40
actionadmin_initApp\Options\Fields\HorizontalRule.php:34
actionadmin_enqueue_scriptsApp\Options\Fields\Image.php:70
actionadmin_initApp\Options\Fields\Image.php:74
actionadmin_initApp\Options\Fields\Number.php:95
actionadmin_initApp\Options\Fields\RadioButton.php:70
actionadmin_initApp\Options\Fields\Select.php:70
actionadmin_initApp\Options\Fields\Subtitle.php:33
actionadmin_initApp\Options\Fields\Textarea.php:88
actionadmin_initApp\Options\Fields\TextField.php:94
actionadmin_initApp\Options\Fields\WysiwygEditor.php:93
actionadmin_menuApp\Options\MenuPage.php:49
actionadmin_menuApp\Options\SingleOptionsPage.php:63
filterplugin_row_metaApp\PluginMetaLinks.php:14
filterplugin_action_linksApp\PluginMetaLinks.php:18
actionplugins_loadedbootstrap\bootstrap.php:11
actionadmin_noticesbootstrap\Requirements.php:70
Maintenance & Trust

Admin Options Pages Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version8.0
Downloads7K

Community Trust

Rating100/100
Number of ratings9
Active installs600
Alternatives

Admin Options Pages Alternatives

One Click Demo Import

One Click Demo Import

one-click-demo-import

A
97

Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.

1.0M 2 CVEs
CMB2

CMB2

cmb2

B
84

CMB2 is a metabox, custom fields, and forms library for WordPress that will blow your mind.

300K 1 CVE
OptionTree

OptionTree

option-tree

B
82

Theme Options UI Builder for WordPress. A simple way to create & save Theme Options and Meta Boxes for free or premium themes.

60K 5 CVEs
Catch Themes Demo Import

Catch Themes Demo Import

catch-themes-demo-import

A
98

Catch Themes Demo Import is a simple and easy-to-use demo importer WordPress plugin that allows you to import the theme demo data Based on One Click D &hellip;

6K 2 CVEs
Custom Global Variables

Custom Global Variables

custom-global-variables

A
85

Easily create custom variables that can be accessed globally in Wordpress and PHP. Retrieval of information is extremely fast, with no database calls.

5K 1 CVE
Developer Profile

Admin Options Pages Developer Profile

Johannes van Poelgeest

1 plugin · 600 total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
89 days
View full developer profile
Detection Fingerprints

How We Detect Admin Options Pages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-options-pages/vendor/assets/css/bootstrap.min.css/wp-content/plugins/admin-options-pages/vendor/assets/css/font-awesome.min.css/wp-content/plugins/admin-options-pages/vendor/assets/js/bootstrap.min.js/wp-content/plugins/admin-options-pages/vendor/assets/js/popper.min.js/wp-content/plugins/admin-options-pages/vendor/tinymce/tinymce/tinymce.min.js/wp-content/plugins/admin-options-pages/assets/css/admin.css/wp-content/plugins/admin-options-pages/assets/js/admin.js
Script Paths
/wp-content/plugins/admin-options-pages/vendor/assets/js/bootstrap.min.js/wp-content/plugins/admin-options-pages/vendor/assets/js/popper.min.js/wp-content/plugins/admin-options-pages/vendor/tinymce/tinymce/tinymce.min.js/wp-content/plugins/admin-options-pages/assets/js/admin.js
Version Parameters
admin-options-pages/vendor/assets/css/bootstrap.min.css?ver=admin-options-pages/vendor/assets/css/font-awesome.min.css?ver=admin-options-pages/vendor/assets/js/bootstrap.min.js?ver=admin-options-pages/vendor/assets/js/popper.min.js?ver=admin-options-pages/vendor/tinymce/tinymce/tinymce.min.js?ver=admin-options-pages/assets/css/admin.css?ver=admin-options-pages/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
aops-settings-pagesaops-sub-menu-pages
Data Attributes
data-aops-field-iddata-aops-field-typedata-aops-repeater-id
JS Globals
aops_vars
FAQ

Frequently Asked Questions about Admin Options Pages