Does Maintenance Redirect have any unpatched vulnerabilities?

No. All known vulnerabilities in Maintenance Redirect have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Maintenance Redirect compatible with WordPress 6.9.4?

According to WordPress.org data, Maintenance Redirect 2.2.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Maintenance Redirect compatible with PHP 7.4+?

Maintenance Redirect requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Maintenance Redirect updated?

Maintenance Redirect was last updated on Feb 10, 2026. Frequent updates are generally a positive security signal.

What is Maintenance Redirect's security score?

Maintenance Redirect has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Maintenance Redirect Security & Risk Analysis

wordpress.org/plugins/jf3-maintenance-mode

Display a maintenance mode page and allow invited visitors to bypass the functionality to preview the site.

10K active installs v2.2.1 PHP 7.4+ WP 6.1+ Updated Feb 10, 2026

coming-soondevelopermaintenancemaintenance-moderedirect

A · Safe

CVEs total1

Unpatched0

Last CVESep 16, 2024

Plugin page Download

Safety Verdict

Is Maintenance Redirect Safe to Use in 2026?

Generally Safe

Score 99/100

Maintenance Redirect has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 16, 2024Updated 1mo ago

Risk Assessment

The jf3-maintenance-mode plugin version 2.2.1 demonstrates a generally good security posture due to its robust use of security best practices. The static analysis reveals a complete absence of unprotected entry points, with all 7 AJAX handlers implementing authentication checks. Furthermore, there are no identified dangerous functions, file operations, or external HTTP requests, which significantly reduces the attack surface. The code also exhibits strong practices in SQL query preparation (78% prepared) and output escaping (81% properly escaped), along with a healthy number of nonce and capability checks.

The plugin's vulnerability history, while showing one past medium-severity CVE related to the 'Use of Less Trusted Source,' indicates a positive trend with no currently unpatched vulnerabilities. This suggests that the developers have been responsive to past security issues.

Despite the overall strong security, there is a slight concern regarding the proportion of SQL queries and output that are not fully prepared or escaped, respectively. While the percentages are good, they are not 100%. This leaves a small residual risk for potential SQL injection or cross-site scripting (XSS) vulnerabilities if specific edge cases are not handled correctly. However, the lack of critical or high-severity taint flows and the absence of unprotected entry points are significant strengths that mitigate these minor concerns.

Key Concerns

SQL queries not using prepared statements (22%)
Output not properly escaped (19%)
1 medium severity CVE historically

Vulnerabilities

Maintenance Redirect Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-45453medium · 5.3Use of Less Trusted Source

Maintenance Redirect <= 2.0.1 - IP Spoofing to Maintenance Mode Bypass

Sep 16, 2024 Patched in 2.1.0 (3d)

Code Analysis

Analyzed Mar 16, 2026

Maintenance Redirect Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

133 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

78% prepared18 total queries

Output Escaping

81% escaped165 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

toggle_ip_status (wpjf3_maintenance_redirect.php:335)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Maintenance Redirect Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 7

authwp_ajax_wpjf3_mr_add_ipwpjf3_maintenance_redirect.php:1445

authwp_ajax_wpjf3_mr_toggle_ipwpjf3_maintenance_redirect.php:1446

authwp_ajax_wpjf3_mr_delete_ipwpjf3_maintenance_redirect.php:1447

authwp_ajax_wpjf3_mr_add_akwpjf3_maintenance_redirect.php:1448

authwp_ajax_wpjf3_mr_toggle_akwpjf3_maintenance_redirect.php:1449

authwp_ajax_wpjf3_mr_delete_akwpjf3_maintenance_redirect.php:1450

authwp_ajax_wpjf3_mr_resend_akwpjf3_maintenance_redirect.php:1451

WordPress Hooks 8

actionadmin_menuwpjf3_maintenance_redirect.php:1434

actionsend_headerswpjf3_maintenance_redirect.php:1435

actionadmin_noticeswpjf3_maintenance_redirect.php:1436

actionadmin_bar_menuwpjf3_maintenance_redirect.php:1437

actionadmin_enqueue_scriptswpjf3_maintenance_redirect.php:1438

filterplugin_row_metawpjf3_maintenance_redirect.php:1441

filtersite_status_testswpjf3_maintenance_redirect.php:1442

actionupgrader_process_completewpjf3_maintenance_redirect.php:1457

Maintenance & Trust

Maintenance Redirect Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 10, 2026

PHP min version7.4

Downloads210K

Community Trust

Rating98/100

Number of ratings24

Active installs10K

Alternatives

Maintenance Redirect Alternatives

Maintenance Mode

hkdev-maintenance-mode

This plugin is intended primarily for developers that need to allow clients to preview sites before being available to the general public or to tempor …

8K 2 CVEs