Admin Columns Security & Risk Analysis

wordpress.org/plugins/codepress-admin-columns

Take control of your WordPress admin list tables. Add, remove, and reorder columns for posts, users, media, and more - no coding needed.

100K active installs v7.0.14 PHP 7.4+ WP 5.9+ Updated Mar 31, 2026
admin-columns, columns, custom-fields, list-table, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Admin Columns Safe to Use in 2026?

Generally Safe

Score 100/100

Admin Columns has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "codepress-admin-columns" v4.7.20 plugin exhibits a mixed security posture. On the positive side, it has no recorded CVEs, indicating a history of good security practices or diligent patching by users. The extensive use of prepared statements for SQL queries (87%) and a good number of capability checks (14) are also positive indicators. However, there are notable concerns. The presence of an unprotected AJAX handler is a significant risk, as it represents a direct entry point into the plugin's functionality without any authentication or authorization checks, potentially allowing unauthenticated users to trigger actions. The use of the `unserialize` function, while not immediately exploitable without a specific attack vector, is a known dangerous function that can lead to Remote Code Execution if not handled with extreme caution and input sanitization, which is not explicitly detailed in the static analysis but is a general concern.

The static analysis also reveals that only 58% of output is properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is output without adequate sanitization. While taint analysis found no flows, this doesn't entirely negate the risk associated with `unserialize` and unescaped output, as taint analysis has limitations. The lack of shortcodes, cron events, and REST API routes contributing to the attack surface is beneficial. Overall, the plugin has a relatively small attack surface, but the presence of an unprotected AJAX handler and the use of `unserialize` introduce critical security weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: unserialize
  • Low percentage of properly escaped output
Vulnerabilities
None known

Admin Columns Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Admin Columns Release Timeline

v7.0.14 (Current)
v7.0.13
v4.7.20
v4.7.19
v4.7.18
v4.7.7
v4.6.1
v4.5.5
v4.4.5
v4.4.4
v4.4.1
v4.3.2
v4.3
v4.2.5
v4.2.2
v4.1.6
v4.0.3
v4.0.1
v3.4.8
v3.4.6
Code Analysis
Analyzed Mar 16, 2026

Admin Columns Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 7 (46 prepared)
Unescaped Output: 235 (331 escaped)
Nonce Checks: 6
Capability Checks: 14
File Operations: 2
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `'preferences' => $data->settings ? unserialize($data->settings, ['allowed_classes' => false]) : [],` (classes\ListScreenRepository\Database.php:172)
unserialize: `'columns' => $data->columns ? unserialize($data->columns, ['allowed_classes' => false]) : [],` (classes\ListScreenRepository\Database.php:173)

Bundled Libraries

Select2

SQL Query Safety

87% prepared (53 total queries)

Output Escaping

58% escaped (566 total outputs)
Attack Surface
1 unprotected

Admin Columns Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth | wp_ajax_ac_number_format | classes\Ajax\NumberFormat.php:13

WordPress Hooks 65

action | admin_menu | classes\Admin\Admin.php:28
action | in_admin_header | classes\Admin\AdminLoader.php:37
filter | screen_settings | classes\Admin\AdminLoader.php:78
action | network_admin_menu | classes\Admin\AdminNetwork.php:38
action | ac/settings/notice | classes\Admin\Notice\DatabaseMissing.php:16
action | ac/settings/notice | classes\Admin\Notice\ReadOnlyListScreen.php:14
action | init | classes\Admin\Scripts.php:22
action | ac/capabilities/init | classes\Capabilities.php:14
action | ac/screen | classes\Check\AddonAvailable.php:26
action | ac/screen | classes\Check\Promotion.php:29
action | ac/screen | classes\Check\Review.php:29
action | current_screen | classes\Controller\DefaultColumns.php:32
action | admin_init | classes\Controller\ListScreenRestoreColumns.php:25
action | admin_init | classes\Controller\RestoreSettingsRequest.php:25
action | current_screen | classes\Controller\TableListScreenSetter.php:49
action | admin_head | classes\Dependencies.php:46
action | admin_notices | classes\Message\Notice.php:33
action | network_admin_notices | classes\Message\Notice.php:34
action | admin_enqueue_scripts | classes\Message\Notice.php:35
filter | plugin_action_links | classes\PluginActionLinks.php:20
filter | network_admin_plugin_action_links | classes\PluginActionLinks.php:21
filter | plugin_action_links | classes\PluginActionUpgrade.php:20
filter | network_admin_plugin_action_links | classes\PluginActionUpgrade.php:21
action | admin_init | classes\Screen\QuickEdit.php:33
filter | list_table_primary_column | classes\Screen\QuickEdit.php:87
action | current_screen | classes\Screen.php:26
action | admin_init | classes\Service\Colors.php:22
action | admin_head | classes\Service\Colors.php:25
action | ac/settings/after_columns | classes\Service\ColumnsMockup.php:13
action | admin_enqueue_scripts | classes\Service\CommonAssets.php:29
action | ac/column_types | classes\Service\IntegrationColumns.php:25
filter | pre_set_site_transient_update_plugins | classes\Service\PluginUpdate.php:35
action | admin_head | classes\Service\PluginUpdate.php:37
action | init | classes\Service\Setup.php:22
action | admin_print_scripts | classes\Table\AdminHeadStyle.php:17
action | manage_comments_custom_column | classes\Table\ManageValue\Comment.php:19
action | manage_media_custom_column | classes\Table\ManageValue\Media.php:19
action | manage_sites_custom_column | classes\Table\ManageValue\MsSite.php:19
filter | manage_users_custom_column | classes\Table\ManageValue\User.php:19
filter | media_row_actions | classes\Table\PrimaryColumn.php:27
filter | page_row_actions | classes\Table\PrimaryColumn.php:33
filter | post_row_actions | classes\Table\PrimaryColumn.php:34
filter | comment_row_actions | classes\Table\PrimaryColumn.php:39
filter | list_table_primary_column | classes\Table\Screen.php:80
action | admin_enqueue_scripts | classes\Table\Screen.php:88
action | admin_footer | classes\Table\Screen.php:89
action | admin_head | classes\Table\Screen.php:90
action | admin_head | classes\Table\Screen.php:91
filter | admin_body_class | classes\Table\Screen.php:92
action | admin_footer | classes\Table\Screen.php:93
filter | screen_settings | classes\Table\Screen.php:94
action | ac/table | classes\Table\ScreenTools.php:11
filter | screen_settings | classes\Table\ScreenTools.php:18
action | restrict_manage_posts | classes\Table\TableFormView.php:41
action | restrict_manage_users | classes\Table\TableFormView.php:45
action | restrict_manage_comment | classes\Table\TableFormView.php:49
filter | ac/post_types | classes\ThirdParty\ACF.php:11
filter | mla_list_table_column_default | classes\ThirdParty\MediaLibraryAssistant\ManageValue.php:12
action | ac/list_keys | classes\ThirdParty\MediaLibraryAssistant\MediaLibraryAssistant.php:19
filter | ac/post_types | classes\ThirdParty\NinjaForms.php:11
filter | ac/post_types | classes\ThirdParty\WooCommerce.php:11
action | ac/table/list_screen | classes\ThirdParty\WPML.php:24
action | init | classes\ThirdParty\WPML.php:27
filter | ac/headings/label | classes\ThirdParty\WPML.php:30
action | after_setup_theme | codepress-admin-columns.php:44
Maintenance & Trust

Admin Columns Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 31, 2026
PHP min version: 7.4
Downloads: 3.1M

Community Trust

Rating: 98/100
Number of ratings: 1,650
Active installs: 100K
Developer Profile

Admin Columns Developer Profile

Codepress

1 plugin · 100K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Admin Columns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/codepress-admin-columns/assets/css/admin-columns.css
  • /wp-content/plugins/codepress-admin-columns/assets/js/admin-columns.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-admin.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-editing.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-export.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-pro.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-script.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-table.js
  • (+9 more)
Script Paths
  • /wp-content/plugins/codepress-admin-columns/assets/js/admin-columns.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-admin.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-editing.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-export.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-pro.js
  • /wp-content/plugins/codepress-admin-columns/assets/js/dist/admin-columns-script.js
  • (+4 more)
Version Parameters
  • codepress-admin-columns/assets/css/admin-columns.css?ver=
  • codepress-admin-columns/assets/js/admin-columns.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-admin.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-editing.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-export.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-pro.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-script.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-table.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-users.js?ver=
  • codepress-admin-columns/assets/js/dist/admin-columns-wc-products.js?ver=
  • codepress-admin-columns/assets/css/admin-columns-inline-edit.css?ver=
  • codepress-admin-columns/assets/css/admin-columns-pro.css?ver=
  • codepress-admin-columns/assets/css/admin-columns-table.css?ver=
  • codepress-admin-columns/assets/css/admin-columns-users.css?ver=
  • codepress-admin-columns/assets/css/admin-columns-wc-products.css?ver=
  • codepress-admin-columns/assets/css/admin-columns-settings.css?ver=
  • codepress-admin-columns/assets/js/admin-columns-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • acp-custom-field-type
  • column-setting-custom_field_type
  • column-setting-custom_field_meta_key
  • column-setting-custom_field_before_after
Data Attributes
data-ac-column-type
JS Globals
AC
FAQ

Frequently Asked Questions about Admin Columns