Cawaii Admin Security & Risk Analysis

wordpress.org/plugins/cawaii-admin

Make your admin panel cawaii!!

90 active installs · v0.2.0 · PHP + · WP 3.2.1+ · Updated Feb 23, 2012
admin, background, cawaii, dashboard, logo
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Cawaii Admin Safe to Use in 2026?

Generally Safe

Score 85/100

Cawaii Admin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 14yr ago
Risk Assessment

The "cawaii-admin" plugin v0.2.0 demonstrates a generally good security posture, with no recorded vulnerabilities or critical security flaws identified in static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface, and importantly, the plugin reports zero unprotected entry points. Furthermore, all SQL queries are properly prepared, indicating a strong defense against SQL injection. The presence of a nonce check is also a positive indicator for input validation.

However, a significant concern is the output escaping, with only 52% of outputs being properly escaped. This leaves a considerable portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks. While the taint analysis shows no unsanitized paths, this is based on a very limited analysis (1 flow), and the low percentage of properly escaped output is a more reliable indicator of potential risk. The plugin also lacks any capability checks, meaning actions performed by the plugin may not be restricted to authorized users, which could be a concern depending on the plugin's functionality.

In conclusion, the plugin has a strong foundation due to its small attack surface and secure database interactions. The primary weakness lies in the insufficient output escaping, which presents a moderate risk of XSS vulnerabilities. The lack of capability checks is another area for improvement. The lack of historical vulnerabilities suggests the developers are generally security-conscious, but the output escaping needs immediate attention.

Key Concerns

  • Low output escaping percentage
  • No capability checks
Vulnerabilities
None known

Cawaii Admin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cawaii Admin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 50 (54 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

52% escaped · 104 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<cawaii-admin> (cawaii-admin.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Cawaii Admin Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 20
action: plugins_loaded (cawaii-admin.php:16)
action: admin_head-settings_page_cawaii-admin/cawaii-admin (cawaii-admin.php:100)
action: admin_menu (cawaii-admin.php:109)
action: adminmenu (cawaii-admin.php:110)
action: admin_head (cawaii-admin.php:111)
action: admin_head (cawaii-admin.php:112)
action: adminmenu (cawaii-admin.php:114)
action: admin_head (cawaii-admin.php:116)
action: admin_head (cawaii-admin.php:148)
action: admin_head (cawaii-admin.php:154)
action: admin_head (cawaii-admin.php:166)
action: login_head (cawaii-admin.php:222)
action: wp_dashboard_setup (cawaii-admin.php:265)
action: admin_menu (cawaii-admin.php:306)
action: do_meta_boxes (cawaii-admin.php:321)
action: admin_menu (cawaii-admin.php:376)
action: admin_print_scripts-settings_page_cawaii-admin/cawaii-admin (cawaii-admin.php:378)
action: admin_print_styles-settings_page_cawaii-admin/cawaii-admin (cawaii-admin.php:379)
action: admin_head-settings_page_cawaii-admin/cawaii-admin (cawaii-admin.php:380)
action: admin_print_styles-settings_page_cawaii-admin/cawaii-admin (cawaii-admin.php:429)
Maintenance & Trust

Cawaii Admin Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.3.2
Last updated: Feb 23, 2012
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 90
Developer Profile

Cawaii Admin Developer Profile

ShinichiN

4 plugins · 260 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Cawaii Admin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cawaii-admin/inc/cawaii-style-base.css
/wp-content/plugins/cawaii-admin/inc/cawaii-style-fonts-cold.css
/wp-content/plugins/cawaii-admin/inc/cawaii-style-fonts-warm.css

HTML / DOM Fingerprints

CSS Classes
cawaii-select-img
Data Attributes
data-cawaii-admin-nonce
JS Globals
cawaii_login_url, cawaii_header_url, cawaii_header_width, cawaii_header_height