WP-Safety

Fiber Admin Security & Risk Analysis

wordpress.org/plugins/fiber-admin

Bring multiple customization features to make your own WordPress admin.

200 active installs v3.2.7 PHP 7.4+ WP 5.2+ Updated Sep 15, 2025
content-protectionduplicate-postwhite-label
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Fiber Admin Safe to Use in 2026?

Generally Safe

Score 100/100

Fiber Admin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The fiber-admin plugin version 3.2.7 presents a notable security risk due to a significant number of unprotected AJAX handlers. With four AJAX handlers identified and all of them lacking authentication checks, this plugin exposes a substantial attack surface that could be exploited by unauthenticated users. While the plugin shows some good practices like a relatively low number of SQL queries and a decent percentage of output escaping, the absence of authorization on these critical entry points overshadows these strengths. The taint analysis did not reveal critical or high-severity unsanitized flows, and the plugin has no recorded vulnerability history, suggesting it might not have been a target or has been maintained without major public disclosures. However, the unprotected AJAX endpoints are a direct invitation for attackers to explore and potentially exploit functionalities that should be restricted.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries without prepared statements
  • Output escaping not fully implemented
Vulnerabilities
None known

Fiber Admin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Fiber Admin Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
2 prepared
Unescaped Output
36
78 escaped
Nonce Checks
2
Capability Checks
3
File Operations
3
External Requests
1
Bundled Libraries
0

SQL Query Safety

50% prepared4 total queries

Output Escaping

68% escaped114 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
fiad_db_error_file (includes\db-error.php:17)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Fiber Admin Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_fiad_cpo_updateincludes\cpo.php:16
noprivwp_ajax_fiad_cpo_updateincludes\cpo.php:17
authwp_ajax_fiad_cpo_tax_updateincludes\cpo.php:19
noprivwp_ajax_fiad_cpo_tax_updateincludes\cpo.php:20
WordPress Hooks 58
actioninitfiberadmin.php:38
actionplugins_loadedfiberadmin.php:68
actionadmin_enqueue_scriptsfiberadmin.php:130
filtersanitize_file_name_charsincludes\attachment.php:13
filtersanitize_file_nameincludes\attachment.php:16
filteradd_attachmentincludes\attachment.php:19
actionwp_footerincludes\content.php:22
filterwp_revisions_to_keepincludes\content.php:29
actionadmin_menuincludes\content.php:35
actioninitincludes\content.php:38
actionwp_before_admin_bar_renderincludes\content.php:41
actionload-edit.phpincludes\cpo.php:12
actionadmin_enqueue_scriptsincludes\cpo.php:13
actionwp_insert_postincludes\cpo.php:15
actionpre_get_postsincludes\cpo.php:22
filtercreate_termincludes\cpo.php:23
filterget_terms_orderbyincludes\cpo.php:24
filterget_terms_argsincludes\cpo.php:25
actionadmin_initincludes\db-error.php:12
filteradmin_titleincludes\default.php:15
filterlogin_titleincludes\default.php:18
filteradmin_footer_textincludes\default.php:21
actionadmin_headincludes\default.php:24
actionadmin_initincludes\default.php:27
filterlogin_headerurlincludes\default.php:30
filterlogin_headertextincludes\default.php:31
filtergettextincludes\default.php:34
actionlogin_enqueue_scriptsincludes\default.php:37
filtershow_admin_barincludes\default.php:41
actionwp_print_stylesincludes\default.php:42
actionwp_print_stylesincludes\default.php:44
actionwp_before_admin_bar_renderincludes\default.php:48
filterthe_generatorincludes\default.php:65
filterrevslider_meta_generatorincludes\default.php:68
actionwp_headincludes\default.php:71
actionadmin_headincludes\default.php:74
filterauto_update_coreincludes\default.php:80
filterautomatic_updater_disabledincludes\default.php:81
filterauto_update_themeincludes\default.php:82
filterauto_update_pluginincludes\default.php:83
filterauto_update_translationincludes\default.php:84
filterpost_row_actionsincludes\duplicate.php:13
filterpage_row_actionsincludes\duplicate.php:15
actionadmin_action_fiad_duplicate_post_as_draftincludes\duplicate.php:18
actionadmin_noticesincludes\duplicate.php:33
filterupload_mimesincludes\image.php:32
actionadmin_headincludes\image.php:33
actionadmin_enqueue_scriptsincludes\image.php:35
filterwp_handle_upload_prefilterincludes\image.php:36
filterwp_get_attachment_metadataincludes\image.php:39
filterwp_generate_attachment_metadataincludes\image.php:40
actionlogin_enqueue_scriptsincludes\login.php:17
actionupdated_optionincludes\login.php:20
actionadded_optionincludes\login.php:21
actiondeleted_optionincludes\login.php:22
actionadmin_menuincludes\settings\setting.php:13
actionadmin_initincludes\settings\setting.php:14
actionadmin_enqueue_scriptsincludes\settings\setting.php:17
Maintenance & Trust

Fiber Admin Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 15, 2025
PHP min version7.4
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs200
Alternatives

Fiber Admin Alternatives

Yoast Duplicate Post

Yoast Duplicate Post

duplicate-post

A
90

The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.

4.0M 4 CVEs
Duplicate Page

Duplicate Page

duplicate-page

A
98

Duplicate Posts, Pages and Custom Posts easily using single click

3.0M 3 CVEs
Duplicate Post

Duplicate Post

copy-delete-posts

A
99

Duplicate post

300K 2 CVEs
WP Content Copy Protection & No Right Click

WP Content Copy Protection & No Right Click

wp-content-copy-protector

A
95

This WP plugin protects posts from being copied (content copy protection). Keep your content safe from unauthorized distribution!

100K 4 CVEs
Duplicate Page and Post

Duplicate Page and Post

duplicate-wp-page-post

C
63

Duplicate post, Duplicate page and Duplicate custom post or clone page and clone post.

80K 1 unpatched
Developer Profile

Fiber Admin Developer Profile

daomapsieucap

2 plugins · 210 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Fiber Admin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fiber-admin/assets/css/fiber-admin.css/wp-content/plugins/fiber-admin/assets/js/fiber-admin.min.js/wp-content/plugins/fiber-admin/assets/js/fiber-admin.js/wp-content/plugins/fiber-admin/assets/js/fiber-cpo.min.js/wp-content/plugins/fiber-admin/assets/js/fiber-cpo.js
Script Paths
/wp-content/plugins/fiber-admin/assets/js/fiber-admin.min.js/wp-content/plugins/fiber-admin/assets/js/fiber-admin.js/wp-content/plugins/fiber-admin/assets/js/fiber-cpo.min.js/wp-content/plugins/fiber-admin/assets/js/fiber-cpo.js
Version Parameters
fiber-admin/assets/css/fiber-admin.css?ver=fiber-admin/assets/js/fiber-admin.min.js?ver=fiber-admin/assets/js/fiber-admin.js?ver=fiber-admin/assets/js/fiber-cpo.min.js?ver=fiber-admin/assets/js/fiber-cpo.js?ver=

HTML / DOM Fingerprints

CSS Classes
fiber-admin-wrap
HTML Comments
If this file is called directly, abort.Exit if accessed directlyCustom Post OrderStyles+7 more
Data Attributes
data-cpo-iddata-post-typedata-post-statusdata-cpo-action
JS Globals
fiad_cpo
FAQ

Frequently Asked Questions about Fiber Admin