Does Admin Page Spider have any unpatched vulnerabilities?

No. All known vulnerabilities in Admin Page Spider have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Admin Page Spider compatible with WordPress 6.8.5?

According to WordPress.org data, Admin Page Spider 3.36 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Admin Page Spider updated?

Admin Page Spider was last updated on Nov 21, 2025. Frequent updates are generally a positive security signal.

What is Admin Page Spider's security score?

Admin Page Spider has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Admin Page Spider Security & Risk Analysis

wordpress.org/plugins/admin-page-spider

Puts all your pages and posts into the admin bar so you can simply hover, view & edit anything in one click.

1K active installs v3.36 PHP + WP 4.3.0+ Updated Nov 21, 2025

beaver-builderdivielementorproductivitywhite-label

A · Safe

CVEs total1

Unpatched0

Last CVEApr 29, 2024

Plugin page Download

Safety Verdict

Is Admin Page Spider Safe to Use in 2026?

Generally Safe

Score 99/100

Admin Page Spider has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 29, 2024Updated 4mo ago

Risk Assessment

The "admin-page-spider" v3.36 plugin exhibits a generally strong security posture based on the static analysis. The complete absence of identified attack surface points like AJAX handlers, REST API routes, shortcodes, and cron events, especially those lacking authentication or permission checks, is highly commendable and indicates a well-designed architecture that limits potential entry points for attackers. Furthermore, the code demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a very high percentage of properly escaped output, mitigating common web vulnerabilities.

However, a notable concern arises from the plugin's vulnerability history, which includes a past Cross-Site Scripting (XSS) vulnerability reported recently. Although this specific vulnerability is currently patched, the existence of a prior XSS issue suggests that careful input validation and output escaping might have been imperfect in earlier versions or that the codebase could still be susceptible to variations of this attack if not rigorously maintained. The absence of direct taint analysis findings in the current version is positive, but it doesn't entirely negate the historical risk associated with XSS, especially given the lack of explicit nonce checks identified in the static analysis, which can be a crucial layer of defense against certain types of client-side attacks.

In conclusion, "admin-page-spider" v3.36 scores well on static code analysis, showcasing robust security measures against common vulnerabilities like SQL injection and poor output handling. The minimal attack surface is a significant strength. Nevertheless, the recent history of an XSS vulnerability warrants continued vigilance. The absence of nonce checks, while not directly exploited in the current static analysis, represents a potential weakness that could be leveraged in conjunction with other factors or in future updates. Overall, it's a well-built plugin but requires ongoing monitoring due to its past security incidents.

Key Concerns

Recent XSS vulnerability history
No nonce checks identified

Vulnerabilities

Admin Page Spider Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-2401medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Admin Page Spider <= 3.31 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 29, 2024 Patched in 3.32 (18d)

Code Analysis

Analyzed Mar 16, 2026

Admin Page Spider Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

30 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped33 total outputs

Attack Surface

Admin Page Spider Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 12

actioninitadmin-page-spider.php:27

actionadmin_headadmin-page-spider.php:56

actionadmin_menuapspider-adminsettings.php:8

actionadmin_initapspider-adminsettings.php:52

actionadmin_headapspider-functions.php:144

actionwp_headapspider-functions.php:145

actionadmin_bar_menuapspider-wordpresspages.php:8

actionapspider_extra_stylesapspider-wordpresspages.php:9

actionadmin_headapspider-wordpresspages.php:15

actionwp_before_admin_bar_renderapspider-wordpresspages.php:59

actionadmin_bar_menuapspider-wordpressposts.php:17

actionapspider_extra_stylesapspider-wordpressposts.php:18

Maintenance & Trust

Admin Page Spider Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 21, 2025

PHP min version

Downloads45K

Community Trust

Rating96/100

Number of ratings21

Active installs1K

Alternatives

Admin Page Spider Alternatives

Styler Mate for Contact Form 7

cf7-styler-for-divi

100

Style and enhance Contact Form 7 for Divi, Bricks, Elementor, Gutenberg, and more.

30K No CVEs

Fullwidth Templates for Any Theme & Page Builder

fullwidth-templates

100

When using a Page Builder, things like page title, boxed layout usually limit your creativity. This plugin helps you go fullwidth on any* theme.

30K No CVEs

Material Design Icons for Page Builders

material-design-icons-for-elementor

Material Design Icons for Page Builders - adds Google Material Design Icons into Icons control of Page Builders

20K 2 CVEs

Classified Listing Toolkits

classified-listing-toolkits

100

Enhance your Classified Listing plugin with Elementor, Divi support. Seamlessly create and manage listings using intuitive widgets, and elements.

4K No CVEs

Custom Template for LearnDash

custom-template-learndash

100

The selected custom template will replace default LearnDash course template for non-enrolled students.

1K No CVEs

Developer Profile

Admin Page Spider Developer Profile

jatacid

2 plugins · 1K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

18 days

View full developer profile

Detection Fingerprints

How We Detect Admin Page Spider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/admin-page-spider/apspider-adminsettings.js/wp-content/plugins/admin-page-spider/apspider-wordpresspages.js/wp-content/plugins/admin-page-spider/apspider-wordpressposts.js/wp-content/plugins/admin-page-spider/apspider-adminfieldsarray.js/wp-content/plugins/admin-page-spider/apspider-adminfieldsarray.php/wp-content/plugins/admin-page-spider/admin-page-spider.php/wp-content/plugins/admin-page-spider/apspider-functions.php

Script Paths

/wp-content/plugins/admin-page-spider/apspider-adminsettings.js/wp-content/plugins/admin-page-spider/apspider-wordpresspages.js/wp-content/plugins/admin-page-spider/apspider-wordpressposts.js

HTML / DOM Fingerprints

CSS Classes

apspider_menu_classapspider_highlightedapspider_searchblueselectedapspider_highlighted_viewicon2icon3

HTML Comments

Main Menu divGive placeholder colour a set value for all browsersHighlight Grey ItemSearch+10 more

JS Globals

jQuery$

FAQ