WP-Safety

Maestro Connector Security & Risk Analysis

wordpress.org/plugins/maestro-connector

Give trusted web professionals admin access to your WordPress account. Revoke anytime.

500 active installs v1.2.0 PHP 7.0+ WP 5.7+ Updated Feb 6, 2023
authenticationsecuritysite-managementsso
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Maestro Connector Safe to Use in 2026?

Generally Safe

Score 85/100

Maestro Connector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "maestro-connector" v1.2.0 plugin demonstrates a generally strong security posture based on the provided static analysis. The absence of any known vulnerabilities in its history is a positive indicator. The code analysis reveals a limited attack surface, with only two AJAX handlers and no REST API routes, shortcodes, or cron events. Crucially, none of the identified entry points lack authentication checks, which is an excellent practice.

However, there are areas for potential concern. While no dangerous functions were detected and all SQL queries utilize prepared statements, the output escaping is only properly implemented for 73% of outputs. This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not correctly sanitized before being displayed. Furthermore, the plugin lacks any capability checks for its AJAX handlers, which means that any authenticated user, regardless of their role or permissions, could potentially trigger these handlers. This broad access, even without authentication checks, represents a significant weakness.

In conclusion, the plugin benefits from a clean vulnerability history and a well-secured entry point landscape concerning authentication. The primary weaknesses lie in the insufficient output escaping and the lack of granular capability checks on its AJAX handlers. Addressing these areas would further enhance the plugin's security.

Key Concerns

  • Missing capability checks on AJAX handlers
  • Output escaping only 73% proper
Vulnerabilities
None known

Maestro Connector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Maestro Connector Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
24 escaped
Nonce Checks
4
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

73% escaped33 total outputs
Attack Surface

Maestro Connector Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_bh-maestro-key-checkinc\Admin.php:53
authwp_ajax_bh-maestro-denyinc\Admin.php:54
WordPress Hooks 13
actionadmin_menuinc\Admin.php:44
actionin_admin_headerinc\Admin.php:47
actionadmin_enqueue_scriptsinc\Admin.php:50
filtermanage_users_columnsinc\Admin.php:57
actionmanage_users_custom_columninc\Admin.php:58
actionedit_user_profileinc\Admin.php:61
actionshow_user_profileinc\Admin.php:62
actionset_user_roleinc\Admin.php:65
actiondelete_userinc\Admin.php:66
actionplugins_loadedmaestro-connector.php:34
actionadmin_initmaestro-connector.php:44
actioninitmaestro-connector.php:47
actioninitmaestro-connector.php:50
Maintenance & Trust

Maestro Connector Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedFeb 6, 2023
PHP min version7.0
Downloads15K

Community Trust

Rating60/100
Number of ratings2
Active installs500
Alternatives

Maestro Connector Alternatives

SSO JumpCloud – Enterprise SAML & SCIM

SSO JumpCloud – Enterprise SAML & SCIM

sso-connector-for-jumpcloud

A
100

Securely connect WordPress with JumpCloud for Enterprise SSO via SAML 2.0 and automated user provisioning via SCIM.

0 No CVEs
Secufor_OAuth

Secufor_OAuth

wpoauth

A
100

Secufor_OAuth is a WordPress plugin that enables Single Sign-On (SSO) functionality using the OAuth protocol.

0 No CVEs
All-In-One Security (AIOS) – Security and Firewall

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

A
93

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs
Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

A
93

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites

mainwp-child

A
91

MainWP Child establishes a secure link between your WordPress sites and your self-hosted MainWP Dashboard, simplifying site management.

700K 7 CVEs
Developer Profile

Maestro Connector Developer Profile

Bluehost

3 plugins · 26K total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Maestro Connector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/maestro-connector/assets/css/bh-maestro.css/wp-content/plugins/maestro-connector/assets/js/maestro.js
Script Paths
/wp-content/plugins/maestro-connector/assets/js/maestro.js
Version Parameters
maestro-connector/assets/css/bh-maestro.css?ver=maestro-connector/assets/js/maestro.js?ver=

HTML / DOM Fingerprints

CSS Classes
maestro-containermaestro-pagemaestro-contentmaestro-warning
HTML Comments
// <span><a href="https://www.bluehost.com/contact">// phpcs:ignore WordPress.Security.NonceVerification.Recommended
Data Attributes
data-slug="bluehost-maestro"
JS Globals
maestro
REST Endpoints
/bluehost/maestro/v1
FAQ

Frequently Asked Questions about Maestro Connector