Does Client Portal – Private user pages and login have any unpatched vulnerabilities?

No. All known vulnerabilities in Client Portal – Private user pages and login have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Client Portal – Private user pages and login compatible with WordPress 6.9.4?

According to WordPress.org data, Client Portal – Private user pages and login 1.2.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Client Portal – Private user pages and login updated?

Client Portal – Private user pages and login was last updated on Jan 22, 2026. Frequent updates are generally a positive security signal.

What is Client Portal – Private user pages and login's security score?

Client Portal – Private user pages and login has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Client Portal – Private user pages and login Security & Risk Analysis

wordpress.org/plugins/client-portal

WordPress Client Portal Plugin that creates private pages for all users that only an administrator can edit.

3K active installs v1.2.2 PHP + WP 3.1+ Updated Jan 22, 2026

client-portalprivate-client-pageprivate-contentprivate-pagesprivate-user-page

A · Safe

CVEs total2

Unpatched0

Last CVEFeb 22, 2023

Plugin page Download

Safety Verdict

Is Client Portal – Private user pages and login Safe to Use in 2026?

Generally Safe

Score 99/100

Client Portal – Private user pages and login has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Feb 22, 2023Updated 2mo ago

Risk Assessment

The "client-portal" plugin v1.2.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, performing an adequate number of nonce and capability checks, and having no identified file operations or external HTTP requests. The attack surface is also relatively small, with no unprotected entry points identified in the static analysis. However, a significant concern arises from the low percentage (31%) of properly escaped output. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the user's browser. The vulnerability history further exacerbates this concern, with two known medium-severity CVEs, both of which were Cross-Site Request Forgery (CSRF) related. While these are currently patched, the pattern indicates that the plugin has had past security weaknesses. The lack of taint analysis data means we cannot definitively rule out other critical vulnerabilities, but the existing issues with output escaping and past CSRF vulnerabilities are tangible risks.

Key Concerns

Low percentage of properly escaped output
Past medium severity CVEs (CSRF)

Vulnerabilities

Client Portal – Private user pages and login Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2023-25968medium · 5.4Cross-Site Request Forgery (CSRF)

Client Portal – Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function

Feb 22, 2023 Patched in 1.1.9 (335d)

WF-c3319993-6f2c-425d-8cb2-ab26f7a52139-client-portalmedium · 4.3Cross-Site Request Forgery (CSRF)

Client Portal <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users

Feb 21, 2023 Patched in 1.1.9 (336d)

Code Analysis

Analyzed Mar 16, 2026

Client Portal – Private user pages and login Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

31% escaped39 total outputs

Attack Surface

Client Portal – Private user pages and login Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[client-portal] index.php:89

[cp-private-page-content] index.php:92

WordPress Hooks 26

actioninitindex.php:54

actionuser_registerindex.php:56

actiondelete_userindex.php:58

filterthe_contentindex.php:60

actiontemplate_redirectindex.php:62

filtercomments_openindex.php:64

filterwp_list_comments_argsindex.php:66

filterthe_commentsindex.php:68

filtertemplate_includeindex.php:70

filteruser_row_actionsindex.php:72

filteradmin_footer-users.phpindex.php:75

actionrestrict_manage_usersindex.php:76

actionadmin_action_create_private_pageindex.php:77

filterthe_contentindex.php:80

filterthe_contentindex.php:83

filterthe_contentindex.php:86

actionadmin_menuindex.php:95

actionadmin_initindex.php:97

actionadmin_noticesindex.php:99

actionadmin_enqueue_scriptsindex.php:101

actioninitindex.php:103

filterget_previous_post_whereindex.php:106

filterget_next_post_whereindex.php:107

actioninitindex.php:109

actionadmin_noticesindex.php:118

actionplugins_loadedindex.php:992

Maintenance & Trust

Client Portal – Private user pages and login Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 22, 2026

PHP min version

Downloads145K

Community Trust

Rating86/100

Number of ratings23

Active installs3K

Alternatives

Client Portal – Private user pages and login Alternatives

Constellation Client Portal

constellation-client-portal

100

A professional client portal for WordPress that helps you organize clients, customers, groups, and teams. Create unlimited client pages and securely s …

10 No CVEs

Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

zero-bs-crm

The CRM for small businesses. Manage leads, invoicing, billing, email marketing, clients, contacts, quotes, automation. Works with WooCommerce too.

30K 8 CVEs

WP Customer Area

customer-area

WP Customer Area is a modular all-in-one solution to manage private content with WordPress.

10K 2 unpatched

Client Portal : SuiteDash Direct Login

client-portal-suitedash-login

100

WordPress Client Portal Plugin that allows you to add a custom login function directly on your WordPress site that is tied to your SuiteDash account.

1K 1 CVE

LH Private Content Login

lh-private-content-login

Redirects non-logged users to the login page when they follow a link to a post, page, or cpt which is protected by post status.

300 No CVEs

Developer Profile

Client Portal – Private user pages and login Developer Profile

madalin.ungureanu

3 plugins · 14K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

269 days

View full developer profile

Detection Fingerprints

How We Detect Client Portal – Private user pages and login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/client-portal/assets/css/admin.css/wp-content/plugins/client-portal/assets/css/client-portal.css/wp-content/plugins/client-portal/assets/js/admin.js/wp-content/plugins/client-portal/assets/js/client-portal.js

Script Paths

/wp-content/plugins/client-portal/assets/js/admin.js/wp-content/plugins/client-portal/assets/js/client-portal.js

Version Parameters

client-portal/assets/css/admin.css?ver=client-portal/assets/css/client-portal.css?ver=client-portal/assets/js/admin.js?ver=client-portal/assets/js/client-portal.js?ver=

HTML / DOM Fingerprints

CSS Classes

cp-admin-wrapcp-clients-page-titlecp-page-titlecp-users-page-title

HTML Comments

Data Attributes

data-cp-iddata-cp-usernamedata-cp-user-id

JS Globals

cp_ajax_objCP_SHORTCODE_PARAMS

REST Endpoints

/wp-json/client-portal/v1/users

Shortcode Output

[client-portal][cp-private-page-content]

FAQ