Maintenance Switch Security & Risk Analysis

wordpress.org/plugins/maintenance-switch

Customize easily and switch in one-click to (native) maintenance mode from your backend or frontend.

600 active installs · v1.7.1 · PHP 8.3+ · WP 3.5+ · Updated Dec 18, 2025
coming-soon · construction · maintenance · offline · switch
79
B · Generally Safe
CVEs total: 2
Unpatched: 1
Last CVE: Aug 28, 2023
Safety Verdict

Is Maintenance Switch Safe to Use in 2026?

Mostly Safe

Score 79/100

Maintenance Switch is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Aug 28, 2023 · Updated 3mo ago
Risk Assessment

The 'maintenance-switch' plugin v1.7.1 presents a mixed security posture. On one hand, it demonstrates good practices in several areas, including the exclusive use of prepared statements for SQL queries and a high percentage of properly escaped output, indicating developer awareness of common web vulnerabilities. The absence of dangerous functions, of external HTTP requests, and of taint-analysis findings with unsanitized paths is also a positive indicator. However, significant concerns arise from its attack surface and vulnerability history. The presence of an unprotected AJAX handler is a critical flaw, providing a direct entry point for attackers without authentication. This, coupled with a history of two medium-severity vulnerabilities (CSRF and XSS), suggests a pattern of potential security weaknesses. The fact that one of these vulnerabilities remains unpatched is a serious concern that elevates the risk considerably.

Key Concerns

  • Unprotected AJAX handler
  • Currently unpatched CVE
  • History of CSRF vulnerabilities
  • History of XSS vulnerabilities
Vulnerabilities
2

Maintenance Switch Security Vulnerabilities

CVEs by Year

2 CVEs in 2023 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2023-29235 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Maintenance Switch <= 1.5.2 - Cross-Site Request Forgery via 'admin_action_request'

Aug 28, 2023 · Unpatched

CVE-2022-47590 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maintenance Switch <= 1.6.2 - Reflected Cross-Site Scripting

Apr 28, 2023 · Patched in 1.6.3 (889d)
Code Analysis
Analyzed Mar 16, 2026

Maintenance Switch Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 1 (47 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 5
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

98% escaped · 48 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<preview> (preview.php:0)
Attack Surface
1 unprotected

Maintenance Switch Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_toggle_status · includes\class-maintenance-switch.php:226

WordPress Hooks: 14

action · admin_init · admin\views\maintenance-switch-admin-display.php:60
action · plugins_loaded · includes\class-maintenance-switch.php:186
action · admin_enqueue_scripts · includes\class-maintenance-switch.php:202
action · admin_enqueue_scripts · includes\class-maintenance-switch.php:203
action · admin_footer · includes\class-maintenance-switch.php:206
action · admin_menu · includes\class-maintenance-switch.php:207
action · update_option_maintenance_switch_settings · includes\class-maintenance-switch.php:210
filter · wp_redirect · includes\class-maintenance-switch.php:217
action · admin_bar_menu · includes\class-maintenance-switch.php:220
action · wp_loaded · includes\class-maintenance-switch.php:223
action · admin_notices · includes\class-maintenance-switch.php:229
action · wp_enqueue_scripts · includes\class-maintenance-switch.php:244
action · wp_enqueue_scripts · includes\class-maintenance-switch.php:245
action · wp_head · includes\class-maintenance-switch.php:247
Maintenance & Trust

Maintenance Switch Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 18, 2025
PHP min version: 8.3
Downloads: 41K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 600
Developer Profile

Maintenance Switch Developer Profile

Fugu Design

1 plugin · 600 total installs

Trust score: 64
Avg Security Score: 79/100
Avg Patch Time: 889 days
Detection Fingerprints

How We Detect Maintenance Switch

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/maintenance-switch/assets/css/maintenance-switch-button.css
/wp-content/plugins/maintenance-switch/assets/js/maintenance-switch-button.js
/wp-content/plugins/maintenance-switch/css/maintenance-switch-admin.css
/wp-content/plugins/maintenance-switch/js/maintenance-switch-admin.js
Script Paths
/wp-content/plugins/maintenance-switch/js/maintenance-switch-admin.js
/wp-content/plugins/maintenance-switch/assets/js/maintenance-switch-button.js
Version Parameters
maintenance-switch/css/maintenance-switch-admin.css?ver=
maintenance-switch/js/maintenance-switch-admin.js?ver=
maintenance-switch/assets/css/maintenance-switch-button.css?ver=
maintenance-switch/assets/js/maintenance-switch-button.js?ver=

HTML / DOM Fingerprints

CSS Classes
maintenance-switch-button-container
Data Attributes
data-maintenance-switch
JS Globals
maintenance_switch_admin