DevForge Admin Toolkit Security & Risk Analysis

wordpress.org/plugins/devforge-admin-toolkit

Total Control. Zero Clutter. Ultimate Performance. The most comprehensive WordPress admin toolkit.

0 active installs · v1.0.10 · PHP 7.2+ · WP 5.0+ · Updated Feb 5, 2026
Tags: admin, cleanup, dashboard, security, white-label
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DevForge Admin Toolkit Safe to Use in 2026?

Generally Safe

Score 100/100

DevForge Admin Toolkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The devforge-admin-toolkit v1.0.10 plugin exhibits a generally strong security posture, with a large majority of its code adhering to secure coding practices. The plugin demonstrates excellent output escaping (98%) and a high percentage of SQL queries using prepared statements (70%). Nonce and capability checks are also present in a significant number of entry points. The absence of known CVEs and of any history of vulnerabilities further contributes to a positive security outlook. However, the presence of one AJAX handler without authentication checks is a notable concern and a potential entry point for unauthorized actions. While taint analysis did not reveal critical or high severity issues, the two flows with unsanitized paths warrant attention, as they could lead to unexpected behavior or information disclosure in specific scenarios. The plugin's strengths lie in its robust output handling and SQL practices, but the single unprotected AJAX endpoint is a clear weakness that needs immediate remediation.

Key Concerns

  • AJAX handler without auth check
  • Flows with unsanitized paths
Vulnerabilities
None known

DevForge Admin Toolkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

DevForge Admin Toolkit Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 37 (87 prepared)
Unescaped Output: 14 (825 escaped)
Nonce Checks: 36
Capability Checks: 48
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

70% prepared · 124 total queries

Output Escaping

98% escaped · 839 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

13 flows · 2 with unsanitized paths
redirect_after_save (includes\class-settings.php:90)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
1 unprotected

DevForge Admin Toolkit Attack Surface

Entry Points: 32
Unprotected: 1

AJAX Handlers 32

auth  wp_ajax_devfadto_clear_widget_cache  includes\class-dashboard-widgets.php:29
auth  wp_ajax_devfadto_scan_dashboard  includes\class-dashboard-widgets.php:30
auth  wp_ajax_devfadto_save_detected_widgets  includes\class-dashboard-widgets.php:31
auth  wp_ajax_devfadto_cleanup  includes\class-performance-cleaner.php:22
auth  wp_ajax_devfadto_clear_activity_log  includes\pro\class-activity-log.php:43
auth  wp_ajax_devfadto_save_announcement  includes\pro\class-admin-announcements.php:25
auth  wp_ajax_devfadto_delete_announcement  includes\pro\class-admin-announcements.php:26
auth  wp_ajax_devfadto_dismiss_announcement  includes\pro\class-admin-announcements.php:27
auth  wp_ajax_devfadto_save_columns  includes\pro\class-admin-columns.php:28
auth  wp_ajax_devfadto_command_search  includes\pro\class-command-palette.php:26
auth  wp_ajax_devfadto_save_widget  includes\pro\class-dashboard-builder.php:27
auth  wp_ajax_devfadto_delete_widget  includes\pro\class-dashboard-builder.php:28
auth  wp_ajax_devfadto_get_widgets  includes\pro\class-dashboard-builder.php:29
auth  wp_ajax_devfadto_save_user_notes  includes\pro\class-dashboard-builder.php:571
auth  wp_ajax_devfadto_export_settings  includes\pro\class-export-import.php:22
auth  wp_ajax_devfadto_import_settings  includes\pro\class-export-import.php:23
auth  wp_ajax_devfadto_save_heartbeat  includes\pro\class-heartbeat-control.php:32
auth  wp_ajax_devfadto_get_login_history  includes\pro\class-login-history.php:36
auth  wp_ajax_devfadto_clear_login_history  includes\pro\class-login-history.php:37
auth  wp_ajax_devfadto_scan_media  includes\pro\class-media-cleanup.php:23
auth  wp_ajax_devfadto_get_media_ids  includes\pro\class-media-cleanup.php:24
auth  wp_ajax_devfadto_check_media_batch  includes\pro\class-media-cleanup.php:25
auth  wp_ajax_devfadto_delete_unused_media  includes\pro\class-media-cleanup.php:26
auth  wp_ajax_devfadto_save_menu  includes\pro\class-menu-editor.php:37
auth  wp_ajax_devfadto_reset_menu  includes\pro\class-menu-editor.php:38
auth  wp_ajax_devfadto_get_menu  includes\pro\class-menu-editor.php:39
auth  wp_ajax_devfadto_create_role  includes\pro\class-role-editor.php:23
auth  wp_ajax_devfadto_update_role  includes\pro\class-role-editor.php:24
auth  wp_ajax_devfadto_delete_role  includes\pro\class-role-editor.php:25
auth  wp_ajax_devfadto_clone_role  includes\pro\class-role-editor.php:26
auth  wp_ajax_devfadto_get_role_caps  includes\pro\class-role-editor.php:27
auth  wp_ajax_devfadto_reset_role  includes\pro\class-role-editor.php:28
WordPress Hooks 131
action  admin_enqueue_scripts  devforge-admin-toolkit.php:118
action  admin_head  devforge-admin-toolkit.php:119
filter  plugin_row_meta  devforge-admin-toolkit.php:120
action  plugins_loaded  devforge-admin-toolkit.php:235
action  wp_before_admin_bar_render  includes\class-admin-cleaner.php:24
filter  show_admin_bar  includes\class-admin-cleaner.php:27
action  wp_head  includes\class-admin-cleaner.php:31
action  admin_head  includes\class-admin-cleaner.php:32
action  wp_footer  includes\class-admin-cleaner.php:35
action  admin_footer  includes\class-admin-cleaner.php:36
action  admin_head  includes\class-admin-cleaner.php:39
action  admin_head  includes\class-admin-cleaner.php:40
action  wp_dashboard_setup  includes\class-dashboard-widgets.php:25
action  wp_dashboard_setup  includes\class-dashboard-widgets.php:26
action  admin_init  includes\class-dashboard-widgets.php:27
action  admin_footer  includes\class-dashboard-widgets.php:28
filter  comments_open  includes\class-disable-features.php:77
filter  pings_open  includes\class-disable-features.php:78
filter  comments_array  includes\class-disable-features.php:81
action  admin_menu  includes\class-disable-features.php:84
action  init  includes\class-disable-features.php:89
action  admin_init  includes\class-disable-features.php:96
action  admin_init  includes\class-disable-features.php:107
filter  tiny_mce_plugins  includes\class-disable-features.php:124
filter  wp_resource_hints  includes\class-disable-features.php:131
action  do_feed  includes\class-disable-features.php:145
action  do_feed_rdf  includes\class-disable-features.php:146
action  do_feed_rss  includes\class-disable-features.php:147
action  do_feed_rss2  includes\class-disable-features.php:148
action  do_feed_atom  includes\class-disable-features.php:149
action  do_feed_rss2_comments  includes\class-disable-features.php:150
action  do_feed_atom_comments  includes\class-disable-features.php:151
filter  xmlrpc_enabled  includes\class-disable-features.php:170
filter  wp_headers  includes\class-disable-features.php:171
filter  the_generator  includes\class-disable-features.php:186
filter  style_loader_src  includes\class-disable-features.php:189
filter  script_loader_src  includes\class-disable-features.php:190
filter  rest_authentication_errors  includes\class-disable-features.php:207
filter  use_block_editor_for_post  includes\class-disable-features.php:224
filter  use_block_editor_for_post_type  includes\class-disable-features.php:227
action  wp_enqueue_scripts  includes\class-disable-features.php:230
filter  auto_update_core  includes\class-disable-features.php:249
filter  allow_major_auto_core_updates  includes\class-disable-features.php:250
filter  allow_minor_auto_core_updates  includes\class-disable-features.php:251
filter  allow_dev_auto_core_updates  includes\class-disable-features.php:252
filter  wp_auto_update_core  includes\class-disable-features.php:253
filter  auto_core_update_send_email  includes\class-disable-features.php:256
filter  send_core_update_notification_email  includes\class-disable-features.php:257
filter  automatic_updates_send_debug_email  includes\class-disable-features.php:258
action  admin_head  includes\class-disable-features.php:261
filter  site_transient_update_core  includes\class-disable-features.php:267
filter  auto_update_plugin  includes\class-disable-features.php:282
filter  auto_plugin_update_send_email  includes\class-disable-features.php:285
filter  send_plugin_update_notification_email  includes\class-disable-features.php:286
action  admin_head  includes\class-disable-features.php:289
filter  wp_get_update_data  includes\class-disable-features.php:294
filter  site_transient_update_plugins  includes\class-disable-features.php:302
filter  site_transient_update_themes  includes\class-disable-features.php:314
filter  login_redirect  includes\class-login-redirect.php:23
action  template_redirect  includes\class-maintenance-mode.php:28
action  admin_bar_menu  includes\class-maintenance-mode.php:29
action  admin_head  includes\class-notices-cleaner.php:41
action  admin_notices  includes\class-notices-cleaner.php:66
action  admin_head  includes\class-notices-cleaner.php:78
action  admin_head  includes\class-notices-cleaner.php:86
action  admin_head  includes\class-notices-cleaner.php:93
action  admin_menu  includes\class-role-manager.php:23
action  admin_menu  includes\class-settings.php:22
action  admin_init  includes\class-settings.php:23
action  admin_init  includes\class-settings.php:24
action  admin_init  includes\class-settings.php:25
action  admin_notices  includes\class-settings.php:49
filter  wp_redirect  includes\class-settings.php:52
action  admin_notices  includes\class-settings.php:84
action  wp_login  includes\pro\class-activity-log.php:31
action  wp_logout  includes\pro\class-activity-log.php:32
action  save_post  includes\pro\class-activity-log.php:33
action  delete_post  includes\pro\class-activity-log.php:34
action  activated_plugin  includes\pro\class-activity-log.php:35
action  deactivated_plugin  includes\pro\class-activity-log.php:36
action  user_register  includes\pro\class-activity-log.php:37
action  profile_update  includes\pro\class-activity-log.php:38
action  switch_theme  includes\pro\class-activity-log.php:39
action  update_option  includes\pro\class-activity-log.php:40
action  wp_dashboard_setup  includes\pro\class-admin-announcements.php:23
action  admin_notices  includes\pro\class-admin-announcements.php:24
action  admin_init  includes\pro\class-admin-columns.php:27
action  pre_get_posts  includes\pro\class-admin-columns.php:118
action  admin_footer  includes\pro\class-command-palette.php:25
action  admin_bar_menu  includes\pro\class-command-palette.php:27
action  wp_dashboard_setup  includes\pro\class-dashboard-builder.php:26
filter  post_row_actions  includes\pro\class-duplicate-post.php:33
filter  page_row_actions  includes\pro\class-duplicate-post.php:34
action  admin_action_devfadto_duplicate_post  includes\pro\class-duplicate-post.php:37
action  admin_bar_menu  includes\pro\class-duplicate-post.php:41
filter  bulk_actions-edit-post  includes\pro\class-duplicate-post.php:46
filter  bulk_actions-edit-page  includes\pro\class-duplicate-post.php:47
filter  handle_bulk_actions-edit-post  includes\pro\class-duplicate-post.php:48
filter  handle_bulk_actions-edit-page  includes\pro\class-duplicate-post.php:49
action  admin_notices  includes\pro\class-duplicate-post.php:53
action  init  includes\pro\class-heartbeat-control.php:30
filter  heartbeat_settings  includes\pro\class-heartbeat-control.php:31
action  login_enqueue_scripts  includes\pro\class-login-customizer.php:26
filter  login_message  includes\pro\class-login-customizer.php:27
filter  login_headerurl  includes\pro\class-login-customizer.php:28
filter  login_headertext  includes\pro\class-login-customizer.php:29
filter  gettext  includes\pro\class-login-customizer.php:30
filter  login_form_bottom  includes\pro\class-login-customizer.php:31
filter  login_footer  includes\pro\class-login-customizer.php:32
filter  login_redirect  includes\pro\class-login-customizer.php:33
action  admin_init  includes\pro\class-login-history.php:28
action  wp_login  includes\pro\class-login-history.php:31
action  wp_login_failed  includes\pro\class-login-history.php:32
action  clear_auth_cookie  includes\pro\class-login-history.php:33
action  admin_menu  includes\pro\class-menu-editor.php:33
action  admin_head  includes\pro\class-menu-editor.php:35
action  admin_init  includes\pro\class-menu-editor.php:36
filter  login_errors  includes\pro\class-security-tweaks.php:36
action  template_redirect  includes\pro\class-security-tweaks.php:41
action  init  includes\pro\class-security-tweaks.php:46
action  wp_loaded  includes\pro\class-security-tweaks.php:47
action  wp_loaded  includes\pro\class-security-tweaks.php:48
filter  authenticate  includes\pro\class-security-tweaks.php:54
action  wp_login_failed  includes\pro\class-security-tweaks.php:55
action  wp_login  includes\pro\class-security-tweaks.php:56
action  user_profile_update_errors  includes\pro\class-security-tweaks.php:61
action  admin_head  includes\pro\class-white-label.php:28
action  admin_head  includes\pro\class-white-label.php:33
filter  admin_footer_text  includes\pro\class-white-label.php:42
filter  update_footer  includes\pro\class-white-label.php:43
action  wp_before_admin_bar_render  includes\pro\class-white-label.php:48
Maintenance & Trust

DevForge Admin Toolkit Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Feb 5, 2026
PHP min version: 7.2
Downloads: 225

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

DevForge Admin Toolkit Developer Profile

DevForge

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect DevForge Admin Toolkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/devforge-admin-toolkit/assets/css/admin.css
/wp-content/plugins/devforge-admin-toolkit/assets/js/admin.js
Script Paths
/wp-content/plugins/devforge-admin-toolkit/assets/js/admin.js
Version Parameters
devforge-admin-toolkit/assets/css/admin.css?ver=
devforge-admin-toolkit/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
devfadto-settings-section
HTML Comments
<!-- DevForge Admin Toolkit -->
<!-- DevForge Admin Toolkit Settings -->
<!-- DevForge Admin Toolkit Premium Features -->
Data Attributes
data-devfadto-nonce
JS Globals
DevFadtoAdmin