WP Frontend Admin – Display WP Admin Pages in the Frontend Security & Risk Analysis

wordpress.org/plugins/display-admin-page-on-frontend

Show Gutenberg Editor in the Frontend. Display WP Admin Pages in the Frontend. Create custom dashboards in the front end, Allow to Edit in the Fronten …

600 active installs · v1.22.8 · PHP + WP 3.6+ · Updated Oct 24, 2025
Tags: custom-dashboard, dashboard, frontend-editor, frontend-dashboard, user-dashboard
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 22, 2025

Safety Verdict

Is WP Frontend Admin – Display WP Admin Pages in the Frontend Safe to Use in 2026?

Generally Safe

Score 99/100

WP Frontend Admin – Display WP Admin Pages in the Frontend has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 22, 2025 · Updated 5mo ago

Risk Assessment

The "display-admin-page-on-frontend" plugin v1.22.8 exhibits a generally good security posture, with a robust implementation of WordPress security best practices. The absence of unprotected entry points and a significant majority of SQL queries utilizing prepared statements are positive indicators. Furthermore, the high percentage of properly escaped output and the presence of numerous capability and nonce checks suggest a deliberate effort to secure the plugin against common web vulnerabilities.

However, the static analysis does reveal some areas for concern. The taint analysis shows four high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data might not be sufficiently validated or escaped before being used in a sensitive operation. While the plugin has a history of one medium severity CVE related to Cross-site Scripting, the fact that it's listed with a future date (2025-09-22) suggests either this is a known upcoming vulnerability or a reporting anomaly; regardless, past XSS vulnerabilities warrant continued vigilance.

In conclusion, the plugin demonstrates strong foundational security. The primary risks lie within the identified high-severity taint flows, which need thorough investigation and remediation. The past CVE, though medium, highlights the importance of ongoing security reviews and diligent patching for any future vulnerabilities. The plugin's strengths in authentication and escaping are commendable, but the taint analysis findings prevent a perfect score and require attention.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Past medium severity CVE (XSS)
  • File operations detected
  • External HTTP requests detected
  • Bundled library (Freemius v1.0)

Vulnerabilities: 1

WP Frontend Admin – Display WP Admin Pages in the Frontend Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-57898 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Frontend Admin <= 1.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 1.22.8 (39d)
Code Analysis
Analyzed Mar 16, 2026

WP Frontend Admin – Display WP Admin Pages in the Frontend Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 11 · 6 prepared
Unescaped Output: 31 · 138 escaped
Nonce Checks: 5
Capability Checks: 19
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

35% prepared · 17 total queries

Output Escaping

82% escaped · 169 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

9 flows · 5 with unsanitized paths
maybe_redirect_direct_link (index.php:1115)
Attack Surface

WP Frontend Admin – Display WP Admin Pages in the Frontend Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_vg_frontend_admin_save_quick_settings · index.php:289

Shortcodes 7

[vg_display_admin_page] inc\shortcodes.php:13
[vg_display_logout_link] inc\shortcodes.php:14
[vg_display_logout_url] inc\shortcodes.php:15
[vg_display_login_url] inc\shortcodes.php:16
[vg_display_edit_link] inc\shortcodes.php:17
[vg_display_edit_url] inc\shortcodes.php:18
[wp_frontend_admin_login_form] inc\shortcodes.php:19

WordPress Hooks 76

action · admin_init · inc\access-restrictions.php:48
action · admin_init · inc\access-restrictions.php:49
action · admin_head · inc\access-restrictions.php:50
action · wp_frontend_admin/quick_settings/after_save · inc\access-restrictions.php:52
action · admin_init · inc\access-restrictions.php:53
action · admin_init · inc\access-restrictions.php:54
action · wp · inc\access-restrictions.php:56
action · wp · inc\access-restrictions.php:57
action · wp_head · inc\access-restrictions.php:58
action · init · inc\access-restrictions.php:62
action · login_init · inc\access-restrictions.php:63
action · wp_frontend_admin/frontend_page_created · inc\access-restrictions.php:65
filter · vg_admin_to_frontend/skip_frontend_dashboard_enforcement · inc\access-restrictions.php:70
filter · map_meta_cap · inc\access-restrictions.php:73
filter · enable_edit_any_user_configuration · inc\access-restrictions.php:80
filter · admin_head · inc\access-restrictions.php:81
action · wp_loaded · inc\access-restrictions.php:615
action · wp_frontend_admin/quick_settings/after_save · inc\change-texts.php:31
action · admin_init · inc\change-texts.php:38
action · shutdown · inc\change-texts.php:39
action · wp_frontend_admin/quick_settings/after_fields · inc\change-texts.php:42
filter · aioseo_conflicting_shortcodes · inc\compatibility\aio-seo.php:3
action · admin_init · inc\compatibility\elementor.php:16
action · get_edit_post_link · inc\compatibility\elementor.php:17
action · wp_enqueue_scripts · inc\compatibility\elementor.php:18
filter · vg_frontend_admin/compatible_default_editors · inc\compatibility\elementor.php:19
filter · elementor/document/urls/edit · inc\compatibility\elementor.php:20
filter · wp_frontend_admin/text_edits_for_current_page · inc\compatibility\elementor.php:21
filter · admin_url · inc\compatibility\elementor.php:22
action · elementor/element/editor-preferences/preferences/before_section_end · inc\compatibility\elementor.php:23
action · admin_print_footer_scripts · inc\compatibility\elementor.php:25
filter · update_post_metadata · inc\compatibility\elementor.php:26
filter · pre_option_elementor_element_cache_ttl · inc\compatibility\elementor.php:27
action · init · inc\compatibility\elementor.php:208
filter · electro_enable_mobile_front_page · inc\global-dashboard.php:65
action · init · inc\options-page.php:15
action · admin_menu · inc\options-page.php:51
action · network_admin_menu · inc\options-page.php:53
filter · login_form_middle · inc\shortcodes.php:93
filter · login_form_middle · inc\shortcodes.php:400
action · wp_frontend_admin/quick_settings/after_save · inc\show-own-posts.php:16
action · pre_get_posts · inc\show-own-posts.php:19
filter · ajax_query_attachments_args · inc\show-own-posts.php:20
action · wp_frontend_admin/quick_settings/after_fields · inc\show-own-posts.php:22
action · current_screen · inc\table-columns-manager.php:16
action · wp_frontend_admin/quick_settings/after_save · inc\table-columns-manager.php:17
action · admin_footer · inc\table-columns-manager.php:18
action · admin_footer · inc\table-columns-manager.php:19
action · wp_frontend_admin/quick_settings/after_fields · inc\table-columns-manager.php:21
action · admin_init · index.php:281
action · admin_head · index.php:282
action · bkntc_enqueue_assets · index.php:284
action · admin_menu · index.php:285
action · network_admin_menu · index.php:286
action · admin_init · index.php:287
action · admin_bar_menu · index.php:288
action · transition_post_status · index.php:290
action · transition_post_status · index.php:296
filter · redirect_post_location · index.php:302
action · admin_notices · index.php:303
action · admin_footer · index.php:305
filter · admin_body_class · index.php:307
action · wp · index.php:315
action · customize_controls_print_scripts · index.php:318
action · wp_head · index.php:319
filter · wp_die_handler · index.php:320
action · after_setup_theme · index.php:321
action · get_edit_post_link · index.php:323
action · wpuf_edit_post_link · index.php:325
action · wp_authenticate · index.php:331
action · wp_login_failed · index.php:337
filter · logout_redirect · index.php:339
action · clean_site_cache · index.php:346
filter · body_class · index.php:353
filter · admin_email_check_interval · index.php:355
filter · show_admin_bar · index.php:1159

Scheduled Events 1

wp_scheduled_auto_draft_delete
Maintenance & Trust

WP Frontend Admin – Display WP Admin Pages in the Frontend Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 24, 2025
PHP min version
Downloads: 40K

Community Trust

Rating: 98/100
Number of ratings: 54
Active installs: 600

Developer Profile

WP Frontend Admin – Display WP Admin Pages in the Frontend Developer Profile

Jose Vega

20 plugins · 30K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 258 days

Detection Fingerprints

How We Detect WP Frontend Admin – Display WP Admin Pages in the Frontend

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/display-admin-page-on-frontend/assets/css/backend.css
/wp-content/plugins/display-admin-page-on-frontend/assets/css/frontend.css
/wp-content/plugins/display-admin-page-on-frontend/assets/css/style.css
/wp-content/plugins/display-admin-page-on-frontend/assets/js/backend.js
/wp-content/plugins/display-admin-page-on-frontend/assets/js/frontend.js
/wp-content/plugins/display-admin-page-on-frontend/assets/js/vg-admin-to-frontend.js

Script Paths

/wp-content/plugins/display-admin-page-on-frontend/assets/js/backend.js
/wp-content/plugins/display-admin-page-on-frontend/assets/js/frontend.js
/wp-content/plugins/display-admin-page-on-frontend/assets/js/vg-admin-to-frontend.js

Version Parameters

display-admin-page-on-frontend/assets/css/backend.css?ver=
display-admin-page-on-frontend/assets/css/frontend.css?ver=
display-admin-page-on-frontend/assets/css/style.css?ver=
display-admin-page-on-frontend/assets/js/backend.js?ver=
display-admin-page-on-frontend/assets/js/frontend.js?ver=
display-admin-page-on-frontend/assets/js/vg-admin-to-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

vgfa-admin-page
vgfa-login-page
vgfa-register-page
vgfa-lost-password-page
vgfa-admin-menu-item
vgfa-admin-bar-node
vgfa-post-editor

HTML Comments

<!-- VG_Admin_To_Frontend Start -->
<!-- VG_Admin_To_Frontend End -->

Data Attributes

data-vgfa-post-id
data-vgfa-post-type
data-vgfa-current-screen
data-vgfa-current-post-type

JS Globals

VG_Admin_To_Frontend_Obj
vgfa_global_vars

REST Endpoints

/wp-json/vgfa/v1/get_user_permissions
/wp-json/vgfa/v1/get_post_permissions
/wp-json/vgfa/v1/save_post

Shortcode Output

[vg_display_admin_page]
[vg_display_admin_login]
[vg_display_admin_register]
[vg_display_admin_lost_password]

FAQ

Frequently Asked Questions about WP Frontend Admin – Display WP Admin Pages in the Frontend