BrandNestor Security & Risk Analysis

wordpress.org/plugins/brandnestor

Customize the WordPress dashboard, admin pages, login and register pages, and more.

200 active installs · v2.2.0 · PHP 7.2+ · WP 5.6+ · Updated Jul 10, 2023
Tags: branding, custom-login, dashboard, white-label, whitelabel
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BrandNestor Safe to Use in 2026?

Generally Safe

Score 85/100

BrandNestor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

Based on the static analysis, the "brandnestor" v2.2.0 plugin exhibits a generally strong security posture. The absence of known CVEs, a robust implementation of prepared statements for SQL queries, and a high percentage of properly escaped output are significant strengths. The numerous nonce and capability checks on its entry points suggest a good effort to protect against common web vulnerabilities.

However, the taint analysis reports a "flow with unsanitized paths" which, even if not critical or high severity, warrants attention. It indicates a potential pathway for malicious input to be processed without adequate sanitization, which could lead to unexpected behavior or, in more severe cases, exploits. Although all entry points appear to have authentication checks, the plugin's attack surface still involves multiple AJAX handlers and shortcodes, which are common areas for potential vulnerabilities if not meticulously secured.

Overall, the plugin is well-defended against common threats like SQL injection and XSS due to strong coding practices. The primary area for improvement lies in thoroughly investigating and sanitizing the identified unsanitized path flow. Given the lack of historical vulnerabilities, this may be an isolated issue, but diligence is still recommended.

Key Concerns

  • Flow with unsanitized path found in taint analysis
Vulnerabilities
None known

BrandNestor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

BrandNestor Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (167 escaped)
Nonce Checks: 14
Capability Checks: 12
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Output Escaping

93% escaped · 180 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
exit_404_page (src\Utilities\Functions.php:39)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

BrandNestor Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers: 7

  • auth · wp_ajax_brandnestor_save_settings · src\Admin\Settings\Settings.php:62
  • auth · wp_ajax_brandnestor_get_admin_menus_rules · src\Admin\Settings\Settings.php:63
  • auth · wp_ajax_brandnestor_add_admin_menus_rule · src\Admin\Settings\Settings.php:64
  • auth · wp_ajax_brandnestor_delete_admin_menus_rule · src\Admin\Settings\Settings.php:65
  • auth · wp_ajax_brandnestor_add_bar_menu_rule · src\Admin\Settings\Settings.php:66
  • auth · wp_ajax_brandnestor_delete_bar_menu_rule · src\Admin\Settings\Settings.php:67
  • auth · wp_ajax_brandnestor_get_bar_menu_rules · src\Admin\Settings\Settings.php:68

Shortcodes: 2

  • [brandnestor_login] · src\Core\Plugin.php:167
  • [brandnestor_register] · src\Core\Plugin.php:175

WordPress Hooks: 37

  • action · in_admin_header · src\Admin\Dashboard.php:43
  • filter · wp_kses_allowed_html · src\Admin\Settings\Settings.php:69
  • action · elementor/widgets/widgets_registered · src\Core\ElementorManager.php:53
  • action · elementor/elements/categories_registered · src\Core\ElementorManager.php:54
  • action · plugins_loaded · src\Core\Plugin.php:93
  • action · init · src\Core\Plugin.php:97
  • action · activated_plugin · src\Core\Plugin.php:109
  • action · deactivated_plugin · src\Core\Plugin.php:113
  • action · admin_bar_menu · src\Core\Plugin.php:122
  • action · admin_footer · src\Core\Plugin.php:125
  • action · admin_footer_text · src\Core\Plugin.php:126
  • action · admin_head · src\Core\Plugin.php:127
  • action · admin_init · src\Core\Plugin.php:128
  • action · admin_menu · src\Core\Plugin.php:129
  • action · wp_dashboard_setup · src\Core\Plugin.php:131
  • action · admin_bar_menu · src\Core\Plugin.php:132
  • action · admin_bar_menu · src\Core\Plugin.php:133
  • filter · admin_title · src\Core\Plugin.php:135
  • filter · update_footer · src\Core\Plugin.php:136
  • action · init · src\Core\Plugin.php:144
  • action · login_footer · src\Core\Plugin.php:145
  • action · login_init · src\Core\Plugin.php:146
  • action · wp_footer · src\Core\Plugin.php:147
  • action · wp_head · src\Core\Plugin.php:148
  • filter · login_headertext · src\Core\Plugin.php:150
  • filter · login_headerurl · src\Core\Plugin.php:151
  • filter · login_title · src\Core\Plugin.php:152
  • filter · login_url · src\Core\Plugin.php:153
  • filter · logout_url · src\Core\Plugin.php:154
  • filter · register_url · src\Core\Plugin.php:155
  • filter · rest_authentication_errors · src\Core\Plugin.php:156
  • filter · retrieve_password_message · src\Core\Plugin.php:157
  • filter · show_admin_bar · src\Core\Plugin.php:158
  • filter · wp_new_user_notification_email · src\Core\Plugin.php:159
  • filter · wp_redirect · src\Core\Plugin.php:160
  • filter · brandnestor/messages · src\Core\RequestHandler.php:37
  • filter · brandnestor/errors · src\Core\RequestHandler.php:38
Maintenance & Trust

BrandNestor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Jul 10, 2023
PHP min version: 7.2
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 200
Developer Profile

BrandNestor Developer Profile

Mike Pap

2 plugins · 250 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BrandNestor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/brandnestor/assets/css/admin.css
  • /wp-content/plugins/brandnestor/assets/js/dashboard.js
  • /wp-content/plugins/brandnestor/assets/js/login.js
  • /wp-content/plugins/brandnestor/assets/js/settings.js

Script Paths

  • /wp-content/plugins/brandnestor/vendor/assets/js/core.js

Version Parameters

  • brandnestor/assets/css/admin.css?ver=
  • brandnestor/assets/js/dashboard.js?ver=
  • brandnestor/assets/js/login.js?ver=
  • brandnestor/assets/js/settings.js?ver=
  • brandnestor/vendor/assets/js/core.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • brandnestor-settings-section
  • brandnestor-form-group
  • brandnestor-form-field
  • brandnestor-checkbox
  • brandnestor-button
  • brandnestor-dashboard-panel
  • brandnestor-login-wrapper
  • brandnestor-register-wrapper

HTML Comments

  • <!-- BrandNestor settings section start -->
  • <!-- BrandNestor settings section end -->
  • <!-- BrandNestor dashboard panel start -->
  • <!-- BrandNestor dashboard panel end -->
  • +4 more

Data Attributes

  • data-brandnestor-setting-group
  • data-brandnestor-setting-field
  • data-brandnestor-toggle
  • data-brandnestor-target
  • data-brandnestor-conditional

JS Globals

  • BrandNestorSettings
  • brandnestorAjax

REST Endpoints

  • /wp-json/brandnestor/v1/settings
  • /wp-json/brandnestor/v1/menus/rules
  • /wp-json/brandnestor/v1/bar/menu/rules

Shortcode Output

  • [brandnestor_login_form]
  • [brandnestor_register_form]
  • [brandnestor_dashboard_welcome]
FAQ

Frequently Asked Questions about BrandNestor