AdminPad Security & Risk Analysis

wordpress.org/plugins/adminpad

AdminPad is a simple note taker for site administrator only.

900 active installs · v2.6 · PHP 8.0+ · WP 5.0+ · Updated Dec 9, 2025
Tags: admin-note, note-taker, notepad, simple-note, site-administrator
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Sep 29, 2022

Safety Verdict

Is AdminPad Safe to Use in 2026?

Generally Safe

Score 99/100

AdminPad has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 29, 2022 · Updated 3mo ago

Risk Assessment

The "adminpad" plugin v2.6 presents a mixed security posture. On the positive side, the static analysis reveals no direct entry points like AJAX handlers, REST API routes, or shortcodes that are unprotected. SQL queries are 100% prepared, and there are no apparent file operations or external HTTP requests, which are good security practices. The presence of nonce and capability checks, even if limited, suggests an awareness of security principles.

However, output escaping is a significant concern. Of 2 total outputs, 0% are properly escaped, which creates a high risk of Cross-Site Scripting (XSS) vulnerabilities: any data the plugin displays to users without proper escaping could be exploited by attackers. The taint analysis shows no unsanitized paths and no critical or high severity flows, but this may reflect a limited attack surface or the specific nature of the observed flows, and it does not negate the XSS risk from unescaped output.

The vulnerability history indicates one past high-severity vulnerability, a Cross-Site Request Forgery (CSRF), which has since been patched. While there are no currently unpatched vulnerabilities, this history, coupled with the significant output escaping issue, suggests that the plugin, despite its strengths in other areas, has had security weaknesses that could reappear if not carefully managed. In conclusion, the plugin has implemented several good security controls, but the critical flaw in output escaping represents a substantial risk that needs immediate attention. The past CSRF vulnerability also warrants vigilance.

Key Concerns

  • Output not properly escaped
  • 1 high severity CVE in history

Vulnerabilities: 1

AdminPad Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

High: 1

1 total CVE

CVE-2022-2762 · high · 8.8 · Cross-Site Request Forgery (CSRF)

AdminPad <= 2.1 - Cross-Site Request Forgery

Sep 29, 2022 · Patched in 2.2 (481d)

Code Analysis
Analyzed Mar 16, 2026

AdminPad Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (0 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 2 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows: bsft_adminpad_form (adminpad.php:27)

Attack Surface

AdminPad Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action · wp_dashboard_setup · adminpad.php:68

Maintenance & Trust

AdminPad Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 9, 2025
PHP min version: 8.0
Downloads: 19K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 900

Developer Profile

AdminPad Developer Profile

Iftekhar Bhuiyan

1 plugin · 900 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 481 days

Detection Fingerprints

How We Detect AdminPad

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: textarea-wrap
Data Attributes: data-nonce-value

FAQ

Frequently Asked Questions about AdminPad