Does Admin Page Framework have any unpatched vulnerabilities?

No. All known vulnerabilities in Admin Page Framework have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Admin Page Framework compatible with WordPress 5.9.13?

According to WordPress.org data, Admin Page Framework 3.9.1 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is Admin Page Framework updated?

Admin Page Framework was last updated on Apr 15, 2022. Frequent updates are generally a positive security signal.

What is Admin Page Framework's security score?

Admin Page Framework has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Admin Page Framework Security & Risk Analysis

wordpress.org/plugins/admin-page-framework

Facilitates WordPress plugin and theme development.

80 active installs v3.9.1 PHP + WP 3.4+ Updated Apr 15, 2022

admin-pagesapidevelopersoptionssettings

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Admin Page Framework Safe to Use in 2026?

Generally Safe

Score 85/100

Admin Page Framework has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The Admin Page Framework plugin v3.9.1 exhibits a mixed security posture. While it has no recorded historical vulnerabilities and shows good practices in using prepared statements for SQL queries (80%) and implementing nonce and capability checks (8 each), significant concerns arise from its attack surface and taint analysis. Two AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. Furthermore, the taint analysis revealed a high-severity flow with an unsanitized path, indicating a risk of a vulnerability that could be exploited if this path is triggered with malicious input. The presence of bundled libraries like Select2, while convenient, also warrants attention for potential outdatedness and associated vulnerabilities, though this is not explicitly detailed in the provided data.

Despite the absence of historical CVEs, the identified unprotected AJAX handlers and the high-severity taint flow represent tangible risks that require immediate attention. The high percentage of outputs that are not properly escaped (41%) also adds to the concern, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if user-controlled data is displayed without sufficient sanitization. The plugin's strengths lie in its SQL query practices and security check implementations, but these are overshadowed by the identified vulnerabilities in its attack surface and data handling. A balanced conclusion suggests that while the plugin aims for security, these specific flaws could compromise its overall safety.

Key Concerns

Unprotected AJAX handlers
High severity taint flow with unsanitized path
Significant percentage of unescaped outputs

Vulnerabilities

None known

Admin Page Framework Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Admin Page Framework Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

98 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

80% prepared10 total queries

Output Escaping

59% escaped167 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

___addArchiveItem (library\apf\utility\zip\AdminPageFramework_Zip.php:83)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Admin Page Framework Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_apf_ajax_test_field_typeexample\library\ajax-test-custom-field-type\AjaxTestCustomFieldType.php:31

authwp_ajax_apf_path_field_type-admin-page-frameworkexample\library\path-custom-field-type\PathCustomFieldType.php:54

Shortcodes 1

[embed] include\class\admin\_abstract\AdminPageFrameworkLoader_AdminPage_Tab_ReadMeBase.php:60

WordPress Hooks 90

actionadmin_noticesadmin-page-framework-loader.php:196

actionadmin_initadmin-page-framework-loader.php:248

filterrequestexample\post_type\APF_PostType.php:138

filterget_termsexample\taxonomy_field\APF_TaxonomyField.php:64

filteradmin_page_framework_loader_filter_generator_additional_source_directoriesinclude\class\admin\admin-page-framework\tool\generator\AdminPageFrameworkLoader_AdminPage_Tool_Compiler_CustomFieldTypes.php:73

filteradmin_page_framework_loader_filter_generator_file_contentsinclude\class\admin\admin-page-framework\tool\generator\AdminPageFrameworkLoader_AdminPage_Tool_Compiler_CustomFieldTypes.php:79

actioninitinclude\class\admin\dashboard\AdminPageFrameworkLoader_AdminPageWelcome.php:32

actionadmin_footerinclude\library\github-custom-field-type\GitHubCustomFieldType.php:69

actionwp_loadedlibrary\apf\factory\admin_page\AdminPageFramework_Router.php:20

filteradmin_titlelibrary\apf\factory\admin_page\AdminPageFramework_Router.php:75

actionadmin_headlibrary\apf\factory\admin_page\_controller\AdminPageFramework_HelpPane_admin_page.php:17

filterplugin_row_metalibrary\apf\factory\admin_page\_controller\AdminPageFramework_Link_admin_page.php:25

filterwp_mail_content_typelibrary\apf\factory\admin_page\_model\AdminPageFramework_FormEmail.php:30

filterwp_mail_fromlibrary\apf\factory\admin_page\_model\AdminPageFramework_FormEmail.php:33

filterwp_mail_from_namelibrary\apf\factory\admin_page\_model\AdminPageFramework_FormEmail.php:36

actioncurrent_screenlibrary\apf\factory\admin_page\_model\delegate\AdminPageFramework_Model_Menu__RegisterMenu.php:119

filterupdate_footerlibrary\apf\factory\admin_page\_view\AdminPageFramework_PageLoadInfo_admin_page.php:24

actionadmin_headlibrary\apf\factory\admin_page\_view\AdminPageFramework_View__PageMetaboxEnabler.php:14

filterwp_insert_attachment_datalibrary\apf\factory\meta_box\AdminPageFramework_MetaBox_Model.php:23

filterwp_insert_post_datalibrary\apf\factory\meta_box\AdminPageFramework_MetaBox_Model.php:25

filterredirect_post_locationlibrary\apf\factory\meta_box\AdminPageFramework_MetaBox_Model.php:66

actionin_admin_footerlibrary\apf\factory\network_admin_page\_view\AdminPageFramework_PageLoadInfo_network_admin_page.php:15

filterupdate_footerlibrary\apf\factory\network_admin_page\_view\AdminPageFramework_PageLoadInfo_network_admin_page.php:34

actioninitlibrary\apf\factory\post_type\AdminPageFramework_PostType_Controller.php:59

actionadmin_enqueue_scriptslibrary\apf\factory\post_type\AdminPageFramework_PostType_Model.php:26

actionadmin_menulibrary\apf\factory\post_type\AdminPageFramework_PostType_View.php:15

actionthe_contentlibrary\apf\factory\post_type\AdminPageFramework_PostType_View.php:17

actionrestrict_manage_postslibrary\apf\factory\post_type\AdminPageFramework_PostType_View.php:21

actionrestrict_manage_postslibrary\apf\factory\post_type\AdminPageFramework_PostType_View.php:22

filterparse_querylibrary\apf\factory\post_type\AdminPageFramework_PostType_View.php:23

filterpost_row_actionslibrary\apf\factory\post_type\AdminPageFramework_PostType_View.php:24

actionadmin_headlibrary\apf\factory\post_type\AdminPageFramework_PostType_View.php:25

actionget_edit_post_linklibrary\apf\factory\post_type\_controller\AdminPageFramework_Link_post_type.php:14

actionregistered_post_typelibrary\apf\factory\post_type\_model\AdminPageFramework_PostType_Model__FlushRewriteRules.php:18

actionshutdownlibrary\apf\factory\post_type\_model\AdminPageFramework_PostType_Model__FlushRewriteRules.php:40

actionadmin_menulibrary\apf\factory\post_type\_model\AdminPageFramework_PostType_Model__SubMenuOrder.php:17

actionadmin_menulibrary\apf\factory\post_type\_model\AdminPageFramework_PostType_Model__SubMenuOrder.php:18

filterupdate_footerlibrary\apf\factory\post_type\_view\AdminPageFramework_PageLoadInfo_post_type.php:27

actionshow_user_profilelibrary\apf\factory\user_meta\AdminPageFramework_UserMeta_Router.php:38

actionedit_user_profilelibrary\apf\factory\user_meta\AdminPageFramework_UserMeta_Router.php:39

actionuser_new_formlibrary\apf\factory\user_meta\AdminPageFramework_UserMeta_Router.php:40

actionpersonal_options_updatelibrary\apf\factory\user_meta\AdminPageFramework_UserMeta_Router.php:41

actionedit_user_profile_updatelibrary\apf\factory\user_meta\AdminPageFramework_UserMeta_Router.php:42

actionuser_registerlibrary\apf\factory\user_meta\AdminPageFramework_UserMeta_Router.php:43

actionshutdownlibrary\apf\factory\_common\form\error\AdminPageFramework_Form___FieldError.php:32

actionshutdownlibrary\apf\factory\_common\form\error\AdminPageFramework_Form___FieldError.php:54

filterupload_mimeslibrary\apf\factory\_common\form\field_type\image\AdminPageFramework_FieldType_image.php:17

filtermedia_upload_tabslibrary\apf\factory\_common\form\field_type\_common\_abstract\AdminPageFramework_FieldType_Base.php:101

filtergettextlibrary\apf\factory\_common\form\field_type\_common\_abstract\AdminPageFramework_FieldType_Base.php:111

actionshutdownlibrary\apf\factory\_common\form\notice\AdminPageFramework_Form___SubmitNotice.php:36

actionshutdownlibrary\apf\factory\_common\form\_model\AdminPageFramework_Form_Model___LastInput.php:29

actionshutdownlibrary\apf\factory\_common\form\_model\AdminPageFramework_Form_Model___LastInput.php:57

actionwp_enqueue_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:28

actionwp_enqueue_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:29

actionwp_footerlibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:31

actionwp_footerlibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:32

actionwp_print_footer_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:33

actionwp_print_footer_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:34

actionadmin_enqueue_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:39

actionadmin_enqueue_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:40

actioncustomize_controls_print_footer_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:42

actioncustomize_controls_print_footer_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:43

actionadmin_footerlibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:44

actionadmin_footerlibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:45

actionadmin_print_footer_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:46

actionadmin_print_footer_scriptslibrary\apf\factory\_common\form\_view\resource\AdminPageFramework_Form_View__Resource.php:47

filternonce_lifelibrary\apf\factory\_common\utility\wp_utility\AdminPageFramework_WPUtility.php:14

actionadmin_headlibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_HelpPane_Base.php:15

actionin_admin_footerlibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Link_Base.php:19

filteradmin_footer_textlibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Link_Base.php:76

filterupdate_footerlibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Link_Base.php:77

actionadmin_enqueue_scriptslibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:30

actionadmin_enqueue_scriptslibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:31

actionadmin_enqueue_scriptslibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:32

actioncustomize_controls_print_footer_scriptslibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:35

actioncustomize_controls_print_footer_scriptslibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:36

actionadmin_footerlibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:37

actionadmin_footerlibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:38

actionadmin_print_footer_scriptslibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:39

actionadmin_print_footer_scriptslibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:40

filterscript_loader_srclibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:41

filterstyle_loader_srclibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:42

filterclean_urllibrary\apf\factory\_common\_abstract\_controller\AdminPageFramework_Resource_Base.php:52

actionwp_enqueue_scriptslibrary\apf\factory\_common\_abstract\_view\AdminPageFramework_Factory___Script_Base.php:21

actionin_admin_footerlibrary\apf\factory\_common\_abstract\_view\AdminPageFramework_PageLoadInfo_Base.php:21

actioninitlibrary\apf\utility\plugin_bootstrap\AdminPageFramework_PluginBootstrap.php:39

actionadmin_enqueue_scriptslibrary\apf\utility\pointer_tool_tip\AdminPageFramework_PointerToolTip.php:36

actionadmin_print_footer_scriptslibrary\apf\utility\pointer_tool_tip\AdminPageFramework_PointerToolTip.php:110

actionadmin_noticeslibrary\apf\utility\requirement\AdminPageFramework_Requirement.php:88

actionadmin_noticeslibrary\apf\utility\requirement\AdminPageFramework_Requirement.php:109

Maintenance & Trust

Admin Page Framework Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedApr 15, 2022

PHP min version

Downloads65K

Community Trust

Rating100/100

Number of ratings23

Active installs80

Alternatives

Admin Page Framework Alternatives

Register Settings API

Add settings to your own theme or plugin. As simple as writing an array.

10 No CVEs

One Click Demo Import

one-click-demo-import

Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.

1.0M 2 CVEs

CMB2

cmb2

CMB2 is a metabox, custom fields, and forms library for WordPress that will blow your mind.

300K 1 CVE

OptionTree

option-tree

Theme Options UI Builder for WordPress. A simple way to create & save Theme Options and Meta Boxes for free or premium themes.

60K 5 CVEs

Catch Themes Demo Import

catch-themes-demo-import

Catch Themes Demo Import is a simple and easy-to-use demo importer WordPress plugin that allows you to import the theme demo data Based on One Click D …

6K 2 CVEs

Developer Profile

Admin Page Framework Developer Profile

miunosoft

15 plugins · 2K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Admin Page Framework

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/admin-page-framework/admin-page-framework.php/wp-content/plugins/admin-page-framework/admin-page-framework-loader.php

Script Paths

/wp-content/plugins/admin-page-framework/admin-page-framework-loader.php

Version Parameters

admin-page-framework/admin-page-framework.php?ver=admin-page-framework/admin-page-framework-loader.php?ver=

HTML / DOM Fingerprints

CSS Classes

apf-field-container

HTML Comments

Data Attributes

data-iddata-triggerdata-default-value

JS Globals

AdminPageFramework

REST Endpoints

/wp-json/apf/

Shortcode Output

[admin_page_framework]

FAQ