Does Keys Master have any unpatched vulnerabilities?

No. All known vulnerabilities in Keys Master have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Keys Master compatible with WordPress 6.9.4?

According to WordPress.org data, Keys Master 2.4.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Keys Master compatible with PHP 8.1+?

Keys Master requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Keys Master updated?

Keys Master was last updated on Nov 22, 2025. Frequent updates are generally a positive security signal.

What is Keys Master's security score?

Keys Master has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Keys Master Security & Risk Analysis

wordpress.org/plugins/keys-master

Powerful application passwords manager for WordPress with role-based usage control and full analytics reporting capabilities.

10 active installs v2.4.0 PHP 8.1+ WP 6.2+ Updated Nov 22, 2025

application-passwordauthenticationrest-apisecurityxml-rpc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Keys Master Safe to Use in 2026?

Generally Safe

Score 100/100

Keys Master has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "keys-master" v2.4.0 plugin exhibits a mixed security posture. On the positive side, it has no recorded historical vulnerabilities (CVEs) and shows good practices regarding SQL query preparedness (87%) and the absence of dangerous functions. The plugin also has a significant number of nonce checks, indicating an awareness of common WordPress security mechanisms. However, concerns arise from the attack surface analysis. There are two AJAX handlers that lack authentication checks, representing direct entry points for potential unauthenticated actions. While taint analysis shows no critical or high severity flows, this is based on zero flows being analyzed, which is a limitation in the static analysis rather than a guarantee of safety. The output escaping is also only 60% proper, suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities in a substantial portion of its outputs. The limited capability checks also suggest that even authenticated users might have access to functionalities they shouldn't.

Key Concerns

AJAX handlers without authentication checks
Output escaping is only 60% proper
Limited capability checks
Taint analysis did not analyze any flows

Vulnerabilities

None known

Keys Master Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Keys Master Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

58 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

87% prepared30 total queries

Output Escaping

60% escaped97 total outputs

Attack Surface

2 unprotected

Keys Master Attack Surface

Entry Points7

Unprotected2

AJAX Handlers 3

authwp_ajax_hide_pokm_nagincludes\plugin\class-core.php:106

authwp_ajax_pokm_get_statsincludes\plugin\class-core.php:107

authwp_ajax_poo_switch_autoupdateperfopsone\functions.php:32

Shortcodes 4

[pokm-wpcli] includes\features\class-wpcli.php:723

[pokm-changelog] includes\plugin\class-core.php:82

[pokm-libraries] includes\plugin\class-core.php:83

[pokm-statistics] includes\plugin\class-core.php:84

WordPress Hooks 37

filterinit_perfopsone_admin_menusadmin\class-keys-master-admin.php:162

actionwp_create_application_passwordincludes\features\class-capture.php:89

actionwp_delete_application_passwordincludes\features\class-capture.php:90

actionapplication_password_failed_authenticationincludes\features\class-capture.php:91

actionapplication_password_did_authenticateincludes\features\class-capture.php:92

actionshutdownincludes\features\class-schema.php:65

actionwp_create_application_password_formincludes\features\class-useradministration.php:32

actionshutdownincludes\features\class-zookeeper.php:37

filterperfopsone_plugin_infoincludes\plugin\class-core.php:78

actioninitincludes\plugin\class-core.php:79

actioninitincludes\plugin\class-core.php:80

actionwp_headincludes\plugin\class-core.php:81

actionadmin_enqueue_scriptsincludes\plugin\class-core.php:97

actionadmin_enqueue_scriptsincludes\plugin\class-core.php:98

actionadmin_menuincludes\plugin\class-core.php:99

actionadmin_menuincludes\plugin\class-core.php:100

actionadmin_menuincludes\plugin\class-core.php:101

actionadmin_initincludes\plugin\class-core.php:102

filterplugin_row_metaincludes\plugin\class-core.php:104

actionadmin_noticesincludes\plugin\class-core.php:105

actionwp_enqueue_scriptsincludes\plugin\class-core.php:119

actionwp_enqueue_scriptsincludes\plugin\class-core.php:120

filterplugins_apiincludes\plugin\class-updater.php:64

filtersite_transient_update_pluginsincludes\plugin\class-updater.php:65

actionupgrader_process_completeincludes\plugin\class-updater.php:66

filterclean_urlincludes\plugin\class-updater.php:67

filterperfopsone_apcu_infoincludes\system\class-apcu.php:51

actioninitincludes\system\class-password.php:354

actionupdate_user_metadataincludes\system\class-password.php:367

filterwp_is_application_passwords_available_for_userincludes\system\class-password.php:368

filtersite_status_testsincludes\system\class-sitehealth.php:77

filtersite_status_testsincludes\system\class-sitehealth.php:78

filtersite_status_testsincludes\system\class-sitehealth.php:79

filtersite_status_testsincludes\system\class-sitehealth.php:81

filterdebug_informationincludes\system\class-sitehealth.php:91

filterdebug_informationincludes\system\class-sitehealth.php:109

actionadmin_bar_menuperfopsone\class-adminbar.php:54

Maintenance & Trust

Keys Master Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 22, 2025

PHP min version8.1

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Keys Master Alternatives

GhostGate

ghostgate

100

Invisible, intelligent protection for WordPress. GhostGate hides your login page, blocks bots, and turns your site into a ghost fortress.

10 No CVEs

WP REST API Key Authentication

rest-api-key-authentication

A simple plugin to add API key-based authentication to the WordPress REST API. Manage multiple API keys and secure your REST API endpoints.

20 No CVEs

HeadlessKey – JWT Auth

headlesskey-jwt-auth

100

A complete authentication solution for Headless WordPress applications using JWT, supporting Registration, SSO, RBAC, and advanced Security features.

0 No CVEs

JuanMa JWT Auth Pro

juanma-jwt-auth-pro

100

Modern JWT authentication with refresh tokens - built for SPAs and mobile apps with enterprise-grade security.

0 No CVEs

PKL WPz REST API Authentication

pkl-wpz-rest-api-auth

100

Control WordPress REST API access by requiring user authentication with API key system.

0 No CVEs

Developer Profile

Keys Master Developer Profile

Pierre Lannoy

12 plugins · 15K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

65 days

View full developer profile

Detection Fingerprints

How We Detect Keys Master

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/keys-master/admin/css/keys-master-admin.css/wp-content/plugins/keys-master/admin/js/keys-master-admin.js/wp-content/plugins/keys-master/includes/libraries/assets/css/bootstrap.min.css/wp-content/plugins/keys-master/includes/libraries/assets/css/feather.css/wp-content/plugins/keys-master/includes/libraries/assets/css/choices.min.css/wp-content/plugins/keys-master/includes/libraries/assets/js/bootstrap.min.js/wp-content/plugins/keys-master/includes/libraries/assets/js/choices.min.js/wp-content/plugins/keys-master/includes/features/assets/css/keys-master-feature-capture.css+7 more

Script Paths

/wp-content/plugins/keys-master/admin/js/keys-master-admin.js/wp-content/plugins/keys-master/includes/libraries/assets/js/bootstrap.min.js/wp-content/plugins/keys-master/includes/libraries/assets/js/choices.min.js/wp-content/plugins/keys-master/includes/features/assets/js/keys-master-feature-capture.js/wp-content/plugins/keys-master/includes/features/assets/js/keys-master-feature-schema.js/wp-content/plugins/keys-master/includes/features/assets/js/keys-master-feature-wpcli.js+2 more

Version Parameters

keys-master/admin/css/keys-master-admin.css?ver=keys-master/admin/js/keys-master-admin.js?ver=keys-master/includes/libraries/assets/css/bootstrap.min.css?ver=keys-master/includes/libraries/assets/css/feather.css?ver=keys-master/includes/libraries/assets/css/choices.min.css?ver=keys-master/includes/libraries/assets/js/bootstrap.min.js?ver=keys-master/includes/libraries/assets/js/choices.min.js?ver=keys-master/includes/features/assets/css/keys-master-feature-capture.css?ver=keys-master/includes/features/assets/css/keys-master-feature-schema.css?ver=keys-master/includes/features/assets/css/keys-master-feature-wpcli.css?ver=keys-master/includes/features/assets/js/keys-master-feature-capture.js?ver=keys-master/includes/features/assets/js/keys-master-feature-schema.js?ver=keys-master/includes/features/assets/js/keys-master-feature-wpcli.js?ver=keys-master/includes/features/assets/js/keys-master-feature-passwords.js?ver=keys-master/includes/features/assets/js/keys-master-feature-logs.js?ver=

HTML / DOM Fingerprints

CSS Classes

pokm-about-logo

Data Attributes

data-nonce

JS Globals

POKM_ASSETS_IDPOKM_SLUGPOKM_PRODUCT_NAMEPOKM_VERSION

Shortcode Output

[pokm-libraries][pokm-changelog][pokm-wpcli]

FAQ

Keys Master Security & Risk Analysis

Is Keys Master Safe to Use in 2026?

Generally Safe

Key Concerns

Keys Master Security Vulnerabilities

Keys Master Code Analysis

SQL Query Safety

Output Escaping

Keys Master Attack Surface

AJAX Handlers 3

Shortcodes 4

Keys Master Maintenance & Trust

Maintenance Signals

Community Trust

Keys Master Alternatives

GhostGate

WP REST API Key Authentication

HeadlessKey – JWT Auth

JuanMa JWT Auth Pro

PKL WPz REST API Authentication

Keys Master Developer Profile

How We Detect Keys Master

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Keys Master