Does Admin Toolbox have any unpatched vulnerabilities?

No. All known vulnerabilities in Admin Toolbox have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Admin Toolbox compatible with WordPress 6.9.4?

According to WordPress.org data, Admin Toolbox 6.1.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Admin Toolbox updated?

Admin Toolbox was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Admin Toolbox's security score?

Admin Toolbox has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Admin Toolbox Security & Risk Analysis

wordpress.org/plugins/admin-toolbox

Manage an array of administrative options improving user control and resource management.

10 active installs v6.1.2 PHP + WP 6.0+ Updated Unknown

2faadminhide-rolerolestrack

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Admin Toolbox Safe to Use in 2026?

Generally Safe

Score 100/100

Admin Toolbox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The admin-toolbox v6.1.2 plugin exhibits a generally good security posture, particularly in its handling of SQL queries and its limited attack surface. The plugin effectively utilizes prepared statements for its two SQL queries, indicating a strong defense against SQL injection. Furthermore, the limited number of entry points, with no unprotected AJAX handlers or REST API routes, suggests a deliberate effort to restrict external access. The presence of nonce and capability checks, while limited, also contributes positively to its security. However, a significant concern arises from the low percentage of properly escaped output (7%). This suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, where user-supplied data could be rendered directly in the browser without sufficient sanitization. The single unsanitized path identified in the taint analysis, though not classified as critical or high, warrants further investigation as it could potentially lead to path traversal or file inclusion issues. The absence of any recorded vulnerabilities in its history is a positive indicator, suggesting a mature and relatively stable codebase, but it doesn't negate the risks identified in the static analysis.

Key Concerns

Low percentage of properly escaped output
Flow with unsanitized paths detected
Low percentage of properly escaped output (further deduction)

Vulnerabilities

None known

Admin Toolbox Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Admin Toolbox Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

179

13 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

7% escaped192 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

atb_https_redirect (atb_functions.php:473)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Admin Toolbox Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[atb_admin] atb_functions.php:32

WordPress Hooks 40

actionadmin_headatb_admin_impact.php:87

actionadmin_headatb_admin_impact.php:109

filterpre_get_postsatb_admin_impact.php:125

actionadmin_footeratb_admin_impact.php:154

actionadmin_footeratb_admin_impact.php:176

actionadmin_footeratb_admin_impact.php:212

actionadmin_footeratb_admin_impact.php:242

filterpre_site_transient_update_coreatb_admin_impact.php:253

filterpre_site_transient_update_pluginsatb_admin_impact.php:254

filterpre_site_transient_update_themesatb_admin_impact.php:255

actionadmin_footeratb_admin_impact.php:258

actionadmin_footeratb_admin_impact.php:286

actionadmin_headatb_admin_impact.php:290

filterxmlrpc_enabledatb_frontend_impact.php:27

actionadmin_footeratb_frontend_impact.php:42

actionwp_footeratb_frontend_impact.php:42

actionwp_footeratb_frontend_impact.php:46

actionactivated_pluginatb_functions.php:19

actionadmin_menuatb_functions.php:24

actioninitatb_functions.php:50

actionadmin_noticesatb_functions.php:90

actionadmin_initatb_functions.php:92

actionadmin_initatb_functions.php:121

actionlogin_enqueue_scriptsatb_functions.php:124

actioninitatb_functions.php:129

actionadmin_headatb_functions.php:299

filterupload_size_limitatb_functions.php:303

actionlogin_initatb_functions.php:316

actionlogin_initatb_functions.php:318

actionwp_loadedatb_functions.php:320

actionwp_loadedatb_functions.php:321

actionwp_loginatb_functions.php:332

filterwp_mail_content_typeatb_functions.php:340

filterwp_mail_fromatb_functions.php:341

filterwp_mail_from_nameatb_functions.php:342

actionwp_loadedatb_functions.php:483

filteradmin_email_check_intervalatb_functions.php:747

filteradmin_email_check_intervalatb_functions.php:753

actionwoocommerce_emailatb_functions.php:769

actioninitatb_functions.php:776

Maintenance & Trust

Admin Toolbox Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version

Downloads14K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Admin Toolbox Alternatives

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 4 CVEs

Hide Admin Bar Based on User Roles

hide-admin-bar-based-on-user-roles

100

Hide the WordPress Admin Bar for specific user roles, capabilities, devices, pages, or time windows. The ultimate toolbar control plugin for membershi …

20K 1 CVE