Maintenance Security & Risk Analysis

wordpress.org/plugins/maintenance

Great looking maintenance, coming soon & under construction pages. Put your site under maintenance in minutes.

1.0M active installs · v4.20 · PHP 5.2+ · WP 4.0+ · Updated Feb 5, 2026
Tags: coming-soon, coming-soon-page, maintenance, maintenance-mode, maintenance-page
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 21, 2021
Safety Verdict

Is Maintenance Safe to Use in 2026?

Generally Safe

Score 100/100

Maintenance has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 21, 2021 · Updated 1mo ago
Risk Assessment

The "maintenance" plugin v4.20 has a generally good security posture and adheres to secure coding practices, notably output escaping and nonce and capability checks on its entry points. Static analysis shows a limited attack surface with no unprotected AJAX handlers or REST API routes. The main concern is SQL query handling: 100% of the queries do not use prepared statements, which poses a risk of SQL injection if user input is involved, although the current analysis identified no critical or high severity taint flows.

The vulnerability history shows a single medium-severity Cross-site Scripting (XSS) vulnerability reported in 2021, which is now patched. The absence of current unpatched vulnerabilities is positive, but the past XSS issue, combined with the lack of prepared SQL statements, suggests a need for continued vigilance. Overall, the plugin has strengths in input validation and authentication, but the SQL query handling and past vulnerability type are areas that require attention to maintain a robust security profile.

Key Concerns

  • SQL queries not using prepared statements
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Maintenance Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

CVE-2021-24533 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maintenance <= 4.02 - Authenticated Stored Cross-Site Scripting

Jul 21, 2021 · Patched in 4.03 (916d)
Code Analysis
Analyzed Mar 16, 2026

Maintenance Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 2 (208 escaped)
Nonce Checks: 7
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

99% escaped · 210 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows · 1 with unsanitized paths
<functions> (load\functions.php:0)
Attack Surface

Maintenance Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • auth · wp_ajax_mtnc_dismiss_dialog · includes\admin.php:34
  • auth · wp_ajax_mtnc_dismiss_notice · includes\admin.php:35

WordPress Hooks: 44

  • action · admin_menu · includes\admin.php:2
  • action · admin_init · includes\admin.php:9
  • action · admin_enqueue_scripts · includes\admin.php:13
  • action · admin_enqueue_scripts · includes\admin.php:14
  • action · admin_footer · includes\admin.php:15
  • action · add_mt_meta_boxes · includes\functions.php:360
  • action · add_mt_meta_boxes · includes\functions.php:366
  • action · add_mt_meta_boxes · includes\functions.php:428
  • action · mtnc_background_field · includes\functions.php:961
  • action · mtnc_color_fields · includes\functions.php:970
  • action · mtnc_font_fields · includes\functions.php:984
  • filter · script_loader_tag · includes\functions.php:1090
  • filter · script_loader_tag · includes\functions.php:1130
  • action · admin_init · includes\update.php:2
  • action · load_custom_scripts · load\functions.php:150
  • action · load_custom_style · load\functions.php:151
  • action · logo_box · load\functions.php:266
  • action · content_section · load\functions.php:298
  • action · footer_section · load\functions.php:331
  • filter · lostpassword_url · load\functions.php:381
  • action · before_content_section · load\functions.php:395
  • action · add_gg_analytics_code · load\functions.php:414
  • filter · safe_style_css · load\functions.php:453
  • filter · safe_style_css · load\functions.php:678
  • action · plugins_loaded · maintenance.php:34
  • action · plugins_loaded · maintenance.php:35
  • action · plugins_loaded · maintenance.php:36
  • action · plugins_loaded · maintenance.php:37
  • action · template_include · maintenance.php:42
  • action · do_feed_rdf · maintenance.php:43
  • action · do_feed_rss · maintenance.php:44
  • action · do_feed_rss2 · maintenance.php:45
  • action · do_feed_atom · maintenance.php:46
  • action · wp_logout · maintenance.php:47
  • action · init · maintenance.php:48
  • action · init · maintenance.php:49
  • filter · admin_footer_text · maintenance.php:50
  • action · admin_action_mtnc_install_wpfssl · maintenance.php:52
  • action · admin_action_mtnc_install_weglot · maintenance.php:53
  • action · admin_bar_menu · maintenance.php:307
  • action · admin_init · wf-flyout\wf-flyout.php:26
  • action · admin_enqueue_scripts · wf-flyout\wf-flyout.php:72
  • action · admin_head · wf-flyout\wf-flyout.php:73
  • action · admin_footer · wf-flyout\wf-flyout.php:74
Maintenance & Trust

Maintenance Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 5, 2026
PHP min version: 5.2
Downloads: 16.7M

Community Trust

Rating: 90/100
Number of ratings: 846
Active installs: 1.0M
Developer Profile

Maintenance Developer Profile

WebFactory

28 plugins · 3.5M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 699 days
Detection Fingerprints

How We Detect Maintenance

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/maintenance/css/maintenance.css
  • /wp-content/plugins/maintenance/css/bootstrap.min.css
  • /wp-content/plugins/maintenance/css/bootstrap-theme.min.css
  • /wp-content/plugins/maintenance/js/maintenance.js
  • /wp-content/plugins/maintenance/js/jquery.bootstrap-growl.min.js
  • /wp-content/plugins/maintenance/js/owl.carousel.min.js
  • /wp-content/plugins/maintenance/js/scripts.js

Script Paths

  • /wp-content/plugins/maintenance/js/maintenance.js
  • /wp-content/plugins/maintenance/js/jquery.bootstrap-growl.min.js
  • /wp-content/plugins/maintenance/js/owl.carousel.min.js
  • /wp-content/plugins/maintenance/js/scripts.js

Version Parameters

  • maintenance/css/maintenance.css?ver=
  • maintenance/css/bootstrap.min.css?ver=
  • maintenance/css/bootstrap-theme.min.css?ver=
  • maintenance/js/maintenance.js?ver=
  • maintenance/js/jquery.bootstrap-growl.min.js?ver=
  • maintenance/js/owl.carousel.min.js?ver=
  • maintenance/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • mtnc-pro-dialog
  • mtnc-pro-table
  • mtnc-maintenance-wrapper
  • mtnc-maintenance-container
  • mtnc-logo
  • mtnc-progress-bar
  • mtnc-countdown
  • mtnc-social
  • (+6 more)

HTML Comments

  • <!-- WP Maintenance PRO is here! -->
  • <!-- End WP Maintenance PRO -->
  • <!-- Start Maintenance Mode by WebFactory Ltd -->
  • <!-- End Maintenance Mode by WebFactory Ltd -->

Data Attributes

  • data-mtnc-progress
  • data-mtnc-countdown
  • data-mtnc-social-icon
  • data-mtnc-form-field

JS Globals

  • mtnc_plugin_url
  • mtnc_ajax_url
  • mtnc_countdown_settings
  • mtnc_growl_options

Shortcode Output

  • [maintenance_progress]
  • [maintenance_countdown]
  • [maintenance_social_links]
  • [maintenance_contact_form]
FAQ

Frequently Asked Questions about Maintenance