Adminimize Security & Risk Analysis

wordpress.org/plugins/adminimize

Adminimize lets you hide 'unnecessary' items from the WordPress backend

200K active installs · v1.11.11 · PHP + WP 4.0+ · Updated Mar 15, 2024
Tags: administration, customization
Score 84 · B · Generally Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 1, 2014

Safety Verdict

Is Adminimize Safe to Use in 2026?

Mostly Safe

Score 84/100

Adminimize is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · Last CVE: Aug 1, 2014 · Updated 2yr ago

Risk Assessment

The "Adminimize" plugin v1.11.11 presents a mixed security posture. Static analysis shows a small attack surface with no identified unprotected entry points (AJAX, REST API, shortcodes, cron), and taint analysis found no critical or high severity issues. There are still areas of concern.

The plugin contains a single SQL query, and it is not a prepared statement, which represents a significant risk of SQL injection if the input for this query is not rigorously sanitized. A substantial portion of output (79%) is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities.

The vulnerability history shows two known medium severity CVEs, both related to XSS, with the last reported in 2014. There are no currently unpatched vulnerabilities, but the historical pattern of XSS issues, together with the static analysis finding of poor output escaping, suggests a recurring weakness in handling user-supplied data before rendering it in the browser. The plugin also bundles the Select2 library, which could be outdated and introduce vulnerabilities if not managed carefully.

Key Concerns

  • 100% of SQL queries are not prepared
  • Only 21% of outputs are properly escaped
  • Bundled library (Select2) may be outdated
  • Historical medium severity XSS vulnerabilities
Vulnerabilities
2

Adminimize Security Vulnerabilities

CVEs by Year

2 CVEs in 2014

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2011-4926 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Adminimize <= 1.7.21 - Cross-Site Scripting

Aug 1, 2014 · Patched in 1.7.22 (3462d)

CVE-2011-5128 · medium · 5.3 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Adminimize < 1.7.22 - Cross-Site Scripting

Aug 1, 2014 · Patched in 1.7.22 (3462d)

Code Analysis
Analyzed Mar 16, 2026

Adminimize Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 120 (32 escaped)
  • Nonce Checks: 7
  • Capability Checks: 10
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

21% escaped · 152 total outputs

Data Flows
All sanitized

Data Flow Analysis

9 flows
_mw_adminimize_update (adminimize.php:1313)
Attack Surface

Adminimize Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 49

Type · Hook · Location
action · adminimize.log · adminimize.php:300
action · wp_footer · adminimize.php:301
filter · wp_default_editor · adminimize.php:420
action · admin_head · adminimize.php:443
action · admin_head · adminimize.php:447
action · admin_head · adminimize.php:453
action · admin_head · adminimize.php:457
action · admin_head · adminimize.php:461
action · admin_head · adminimize.php:465
filter · admin_menu · adminimize.php:471
action · admin_head · adminimize.php:474
action · admin_init · adminimize.php:477
action · admin_menu · adminimize.php:478
action · admin_menu · adminimize.php:479
filter · plugin_action_links · adminimize.php:1215
action · load-settings_page_adminimize/adminimize · inc-options\settings_notice.php:14
action · wp_before_admin_bar_render · inc-setup\admin-bar-items.php:16
action · wp_before_admin_bar_render · inc-setup\admin-bar-items.php:18
action · admin_init · inc-setup\admin-footer.php:24
action · in_admin_footer · inc-setup\admin-footer.php:31
action · wp_dashboard_setup · inc-setup\dashboard.php:22
action · wp_dashboard_setup · inc-setup\dashboard.php:42
action · admin_head-index.php · inc-setup\dashboard.php:91
action · admin_init · inc-setup\export.php:16
action · admin_init · inc-setup\export.php:17
action · init · inc-setup\footer.php:13
action · admin_init · inc-setup\footer.php:33
action · admin_init · inc-setup\import.php:16
filter · do_meta_boxes · inc-setup\meta-boxes.php:23
action · init · inc-setup\remove-admin-bar.php:16
action · init · inc-setup\remove-admin-bar.php:119
action · wp_before_admin_bar_render · inc-setup\remove-admin-bar.php:156
action · wp_before_admin_bar_render · inc-setup\remove-admin-bar.php:159
action · admin_bar_menu · inc-setup\remove-admin-bar.php:160
action · wp_head · inc-setup\remove-admin-bar.php:161
action · admin_head · inc-setup\remove-admin-bar.php:162
action · wp_before_admin_bar_render · inc-setup\remove-admin-bar.php:165
action · admin_bar_menu · inc-setup\remove-admin-bar.php:166
action · wp_head · inc-setup\remove-admin-bar.php:167
action · admin_head · inc-setup\remove-admin-bar.php:168
filter · show_admin_bar · inc-setup\remove-admin-bar.php:234
filter · wp_admin_bar_class · inc-setup\remove-admin-bar.php:235
filter · show_wp_pointer_admin_bar · inc-setup\remove-admin-bar.php:236
action · in_admin_header · inc-setup\remove-admin-bar.php:258
action · admin_init · inc-setup\remove-admin-notices.php:28
action · admin_head · inc-setup\remove-admin-notices.php:35
action · after_setup_theme · inc-setup\widget.php:59
action · widgets_init · inc-setup\widget.php:63
action · widgets_init · inc-setup\widget.php:64

Maintenance & Trust

Adminimize Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Mar 15, 2024
PHP min version
Downloads: 3.1M

Community Trust

Rating: 94/100
Number of ratings: 253
Active installs: 200K

Developer Profile

Adminimize Developer Profile

WP Media

8 plugins · 2.0M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 1621 days
Detection Fingerprints

How We Detect Adminimize

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/adminimize/css/adminimize.css
  • /wp-content/plugins/adminimize/css/adminimize-metabox.css
  • /wp-content/plugins/adminimize/css/colorbox/colorbox.css
  • /wp-content/plugins/adminimize/js/adminimize.js
  • /wp-content/plugins/adminimize/js/colorbox/jquery.colorbox-min.js
  • /wp-content/plugins/adminimize/js/adminimize-admin.js

Version Parameters

  • /wp-content/plugins/adminimize/css/adminimize.css?ver=
  • /wp-content/plugins/adminimize/css/adminimize-metabox.css?ver=
  • /wp-content/plugins/adminimize/css/colorbox/colorbox.css?ver=
  • /wp-content/plugins/adminimize/js/adminimize.js?ver=
  • /wp-content/plugins/adminimize/js/colorbox/jquery.colorbox-min.js?ver=
  • /wp-content/plugins/adminimize/js/adminimize-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • adminimize-menu
  • adminimize-menu-item
  • adminimize-menu-sub
  • adminimize-meta-box
  • adminimize-content
  • adminimize-colorbox
  • adminimize-colorbox-image
  • adminimize-colorbox-icon

HTML Comments

  • Adminimize
  • Adminimize (c) 2015 WP Media - http://wp-media.me
  • Adminimize Icon Colorbox
  • Adminimize-Meta-Box
  • (+3 more)

Data Attributes

  • data-adminimize-id
  • data-adminimize-text
  • data-adminimize-type

JS Globals

  • adminimizeColorbox
  • adminimizeOptions

REST Endpoints
/wp-json/adminimize/
FAQ

Frequently Asked Questions about Adminimize