Does Constellation Client Portal have any unpatched vulnerabilities?

No. All known vulnerabilities in Constellation Client Portal have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Constellation Client Portal compatible with WordPress 6.9.4?

According to WordPress.org data, Constellation Client Portal 2.7.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Constellation Client Portal compatible with PHP 7.4+?

Constellation Client Portal requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Constellation Client Portal updated?

Constellation Client Portal was last updated on Mar 2, 2026. Frequent updates are generally a positive security signal.

What is Constellation Client Portal's security score?

Constellation Client Portal has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Constellation Client Portal Security & Risk Analysis

wordpress.org/plugins/constellation-client-portal

A professional client portal for WordPress that helps you organize clients, customers, groups, and teams. Create unlimited client pages and securely s …

10 active installs v2.7.0 PHP 7.4+ WP 6.0.0+ Updated Mar 2, 2026

client-portalcustomer-portalprivate-filesprivate-pagesprivate-posts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Constellation Client Portal Safe to Use in 2026?

Generally Safe

Score 100/100

Constellation Client Portal has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'constellation-client-portal' plugin v2.7.0 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively, and has a high percentage of properly escaped output, indicating an awareness of common web vulnerabilities. The plugin also features a robust number of nonce and capability checks, which are crucial for securing WordPress functionalities. The absence of any recorded vulnerabilities or CVEs further suggests a history of responsible development and maintenance.

However, significant concerns arise from the attack surface analysis. A substantial portion of its AJAX handlers, 12 out of 15, lack authentication checks. This presents a considerable risk, as unauthenticated users could potentially trigger these handlers and exploit any underlying logic flaws or data manipulations. While taint analysis did not reveal critical or high severity unsanitized paths, the presence of 3 flows with unsanitized paths warrants careful review to ensure no subtle injection vulnerabilities exist. The bundled Select2 library, while not inherently problematic, could become a vector if it's an outdated version with known exploits.

In conclusion, while the plugin has commendable strengths in its handling of database interactions and output escaping, the high number of unprotected AJAX endpoints is a serious security weakness. This, combined with the presence of unsanitized paths in the taint analysis, means the plugin cannot be considered fully secure without further investigation and remediation of these specific areas. The lack of historical vulnerabilities is a good sign, but it does not negate the current risks identified.

Key Concerns

Unprotected AJAX handlers
Taint flows with unsanitized paths

Vulnerabilities

None known

Constellation Client Portal Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Constellation Client Portal Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

583 escaped

Nonce Checks

Capability Checks

113

File Operations

External Requests

Bundled Libraries

Select2

Output Escaping

96% escaped610 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

9 flows3 with unsanitized paths

accp_parse_request (admin\class-ars-constellation-client-portal-admin.php:231)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

12 unprotected

Constellation Client Portal Attack Surface

Entry Points18

Unprotected12

AJAX Handlers 15

authwp_ajax_wizard_add_company_via_ajaxadmin\class-ars-constellation-client-portal-wizards.php:106

authwp_ajax_wizard_add_company_home_page_via_ajaxadmin\class-ars-constellation-client-portal-wizards.php:111

authwp_ajax_accp_generate_sample_content_ajaxadmin\class-ars-constellation-client-portal-wizards.php:116

authwp_ajax_accp_dismiss_review_noticeincludes\class-ars-constellation-client-portal.php:206

authwp_ajax_accp_save_file_bulk_editincludes\class-ars-constellation-client-portal.php:331

authwp_ajax_accp_save_invoice_bulk_editincludes\class-ars-constellation-client-portal.php:379

authwp_ajax_accp_generate_new_client_pageincludes\class-ars-constellation-client-portal.php:474

authwp_ajax_accp_dismiss_duplicate_dir_assignment_noticeincludes\class-ars-constellation-client-portal.php:479

authwp_ajax_accp_create_and_assign_primary_userincludes\class-ars-constellation-client-portal.php:484

authwp_ajax_accp_assign_existing_primary_userincludes\class-ars-constellation-client-portal.php:489

authwp_ajax_accp_reassign_file_1includes\class-ars-constellation-client-portal.php:517

authwp_ajax_accp_generate_company_dirincludes\class-ars-constellation-client-portal.php:522

authwp_ajax_accp_specify_company_dirincludes\class-ars-constellation-client-portal.php:527

authwp_ajax_accp_clear_mime_type_optionincludes\class-ars-constellation-client-portal.php:532

authwp_ajax_accp_generate_user_passwordincludes\class-ars-constellation-client-portal.php:537

Shortcodes 3

[accp_clientfiles] includes\class-ars-constellation-client-portal.php:614

[accp_clientinvoices] includes\class-ars-constellation-client-portal.php:619

[accp_my_company_page] includes\class-ars-constellation-client-portal.php:624

WordPress Hooks 104

filteraccp_update_defined_settingsadmin\class-ars-constellation-client-portal-settings.php:57

actionadmin_menuadmin\class-ars-constellation-client-portal-wizards.php:76

actionadmin_menuadmin\class-ars-constellation-client-portal-wizards.php:81

actionadmin_initadmin\class-ars-constellation-client-portal-wizards.php:86

actionadmin_initadmin\class-ars-constellation-client-portal-wizards.php:91

actionadmin_headadmin\class-ars-constellation-client-portal-wizards.php:96

actionadmin_enqueue_scriptsadmin\class-ars-constellation-client-portal-wizards.php:101

filteradmin_body_classadmin\class-ars-constellation-client-portal-wizards.php:145

filteraccp_update_defined_plugin_install_wizard_pagesadmin\class-ars-constellation-client-portal-wizards.php:1197

actionplugins_loadedincludes\class-ars-constellation-client-portal.php:174

actionadmin_enqueue_scriptsincludes\class-ars-constellation-client-portal.php:199

actionadmin_enqueue_scriptsincludes\class-ars-constellation-client-portal.php:200

actionadmin_noticesincludes\class-ars-constellation-client-portal.php:205

filtermanage_users_columnsincludes\class-ars-constellation-client-portal.php:211

filtermanage_users_custom_columnincludes\class-ars-constellation-client-portal.php:212

actionafter_delete_postincludes\class-ars-constellation-client-portal.php:217

filterwp_robotsincludes\class-ars-constellation-client-portal.php:222

filterwp_sitemaps_post_typesincludes\class-ars-constellation-client-portal.php:227

filterwp_sitemaps_taxonomiesincludes\class-ars-constellation-client-portal.php:232

filterwpseo_sitemap_exclude_post_typeincludes\class-ars-constellation-client-portal.php:237

filterwpseo_sitemap_exclude_taxonomyincludes\class-ars-constellation-client-portal.php:242

actioninitincludes\class-ars-constellation-client-portal.php:252

filterquery_varsincludes\class-ars-constellation-client-portal.php:257

actionparse_requestincludes\class-ars-constellation-client-portal.php:262

actionupgrader_process_completeincludes\class-ars-constellation-client-portal.php:267

actionadmin_initincludes\class-ars-constellation-client-portal.php:272

actioninitincludes\class-ars-constellation-client-portal.php:277

actioninitincludes\class-ars-constellation-client-portal.php:288

actioninitincludes\class-ars-constellation-client-portal.php:293

actioninitincludes\class-ars-constellation-client-portal.php:294

filtermanage_edit-accp_clientfile_columnsincludes\class-ars-constellation-client-portal.php:299

actionmanage_accp_clientfile_posts_custom_columnincludes\class-ars-constellation-client-portal.php:300

actionmanage_accp_clientfile_posts_custom_columnincludes\class-ars-constellation-client-portal.php:301

actionmanage_accp_clientfile_posts_custom_columnincludes\class-ars-constellation-client-portal.php:302

actionmanage_accp_clientfile_posts_custom_columnincludes\class-ars-constellation-client-portal.php:303

filtermanage_edit-accp_clientfile_sortable_columnsincludes\class-ars-constellation-client-portal.php:304

actionrequestincludes\class-ars-constellation-client-portal.php:305

actionadmin_initincludes\class-ars-constellation-client-portal.php:310

actionsave_postincludes\class-ars-constellation-client-portal.php:311

actionquick_edit_custom_boxincludes\class-ars-constellation-client-portal.php:316

actionbulk_edit_custom_boxincludes\class-ars-constellation-client-portal.php:321

actionsave_post_accp_clientfileincludes\class-ars-constellation-client-portal.php:326

actionrestrict_manage_postsincludes\class-ars-constellation-client-portal.php:336

filterparse_queryincludes\class-ars-constellation-client-portal.php:337

actioninitincludes\class-ars-constellation-client-portal.php:348

actioninitincludes\class-ars-constellation-client-portal.php:353

actioninitincludes\class-ars-constellation-client-portal.php:354

filtermanage_edit-accp_clientinvoice_columnsincludes\class-ars-constellation-client-portal.php:359

actionmanage_accp_clientinvoice_posts_custom_columnincludes\class-ars-constellation-client-portal.php:360

actionmanage_accp_clientinvoice_posts_custom_columnincludes\class-ars-constellation-client-portal.php:361

actionmanage_accp_clientinvoice_posts_custom_columnincludes\class-ars-constellation-client-portal.php:362

actionmanage_accp_clientinvoice_posts_custom_columnincludes\class-ars-constellation-client-portal.php:363

filtermanage_edit-accp_clientinvoice_sortable_columnsincludes\class-ars-constellation-client-portal.php:364

actionrequestincludes\class-ars-constellation-client-portal.php:365

actionadmin_initincludes\class-ars-constellation-client-portal.php:370

actionsave_postincludes\class-ars-constellation-client-portal.php:371

actionquick_edit_custom_boxincludes\class-ars-constellation-client-portal.php:376

actionbulk_edit_custom_boxincludes\class-ars-constellation-client-portal.php:377

actionsave_post_accp_clientinvoiceincludes\class-ars-constellation-client-portal.php:378

actionrestrict_manage_postsincludes\class-ars-constellation-client-portal.php:384

filterparse_queryincludes\class-ars-constellation-client-portal.php:385

actionadmin_menuincludes\class-ars-constellation-client-portal.php:390

actionadmin_menuincludes\class-ars-constellation-client-portal.php:395

actionadmin_menuincludes\class-ars-constellation-client-portal.php:400

actionadmin_menuincludes\class-ars-constellation-client-portal.php:401

actionadmin_initincludes\class-ars-constellation-client-portal.php:402

actionadmin_initincludes\class-ars-constellation-client-portal.php:407

actionsave_postincludes\class-ars-constellation-client-portal.php:408

actionadmin_initincludes\class-ars-constellation-client-portal.php:413

actionshow_user_profileincludes\class-ars-constellation-client-portal.php:418

actionedit_user_profileincludes\class-ars-constellation-client-portal.php:419

actionuser_new_formincludes\class-ars-constellation-client-portal.php:420

actionpersonal_options_updateincludes\class-ars-constellation-client-portal.php:421

actionedit_user_profile_updateincludes\class-ars-constellation-client-portal.php:422

actionuser_registerincludes\class-ars-constellation-client-portal.php:423

actionwpincludes\class-ars-constellation-client-portal.php:428

actionwpincludes\class-ars-constellation-client-portal.php:429

actionpost_edit_form_tagincludes\class-ars-constellation-client-portal.php:434

actionadmin_menuincludes\class-ars-constellation-client-portal.php:435

actionsave_postincludes\class-ars-constellation-client-portal.php:436

filterupload_dirincludes\class-ars-constellation-client-portal.php:437

actioninitincludes\class-ars-constellation-client-portal.php:448

filtermanage_edit-accp_clientcompany_columnsincludes\class-ars-constellation-client-portal.php:453

actionmanage_accp_clientcompany_posts_custom_columnincludes\class-ars-constellation-client-portal.php:454

actionmanage_accp_clientcompany_posts_custom_columnincludes\class-ars-constellation-client-portal.php:455

actionmanage_accp_clientcompany_posts_custom_columnincludes\class-ars-constellation-client-portal.php:456

actionmanage_accp_clientcompany_posts_custom_columnincludes\class-ars-constellation-client-portal.php:457

actionmanage_accp_clientcompany_posts_custom_columnincludes\class-ars-constellation-client-portal.php:458

filterviews_edit-accp_clientcompanyincludes\class-ars-constellation-client-portal.php:463

actionadmin_initincludes\class-ars-constellation-client-portal.php:468

actionsave_postincludes\class-ars-constellation-client-portal.php:469

actioninitincludes\class-ars-constellation-client-portal.php:500

actioninitincludes\class-ars-constellation-client-portal.php:505

actioninitincludes\class-ars-constellation-client-portal.php:506

filtermanage_accp_client_pages_posts_columnsincludes\class-ars-constellation-client-portal.php:511

actionmanage_accp_client_pages_posts_custom_columnincludes\class-ars-constellation-client-portal.php:512

actionall_admin_noticesincludes\class-ars-constellation-client-portal.php:542

actioninitincludes\class-ars-constellation-client-portal.php:547

filterplugin_row_metaincludes\class-ars-constellation-client-portal.php:566

actionbefore_delete_postincludes\class-ars-constellation-client-portal.php:587

actionbefore_delete_postincludes\class-ars-constellation-client-portal.php:593

actionwp_enqueue_scriptsincludes\class-ars-constellation-client-portal.php:608

actionwp_enqueue_scriptsincludes\class-ars-constellation-client-portal.php:609

actionwp_enqueue_scriptspublic\shortcodes\class-ars-constellation-client-portal-list-shortcodes.php:95

Scheduled Events 1

accp_automated_email_cron

Maintenance & Trust

Constellation Client Portal Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 2, 2026

PHP min version7.4

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Constellation Client Portal Alternatives

WP Customer Area

customer-area

WP Customer Area is a modular all-in-one solution to manage private content with WordPress.

10K 2 unpatched

Client Portal – Private user pages and login

client-portal

WordPress Client Portal Plugin that creates private pages for all users that only an administrator can edit.

3K 2 CVEs

Client Portal : SuiteDash Direct Login

client-portal-suitedash-login

100

WordPress Client Portal Plugin that allows you to add a custom login function directly on your WordPress site that is tied to your SuiteDash account.

1K 1 CVE

Clinked Client Portal

clinked-client-portal

The Clinked Client Portal plugin is a great addition to the popular Clinked application - a branded, feature rich client portal.

90 1 unpatched

Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation

zero-bs-crm

The CRM for small businesses. Manage leads, invoicing, billing, email marketing, clients, contacts, quotes, automation. Works with WooCommerce too.

30K 8 CVEs

Developer Profile

Constellation Client Portal Developer Profile

ARS

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Constellation Client Portal

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/constellation-client-portal/assets/css/font-awesome/css/all.min.css/wp-content/plugins/constellation-client-portal/admin/css/ars-constellation-client-portal-admin.css/wp-content/plugins/constellation-client-portal/admin/css/jquery-ui/1.11.1/themes/cupertino/jquery-ui.css/wp-content/plugins/constellation-client-portal/admin/css/select2.min.css/wp-content/plugins/constellation-client-portal/admin/js/ars-constellation-client-portal-admin.js/wp-content/plugins/constellation-client-portal/admin/js/select2.full.min.js

Script Paths

/wp-content/plugins/constellation-client-portal/admin/js/ars-constellation-client-portal-admin.js/wp-content/plugins/constellation-client-portal/admin/js/select2.full.min.js

Version Parameters

ars-constellation-client-portal-admin.css?ver=jquery-ui.css?ver=select2.min.css?ver=all.min.css?ver=ars-constellation-client-portal-admin.js?ver=select2.full.min.js?ver=

HTML / DOM Fingerprints

FAQ