Page Whitelists Security & Risk Analysis

wordpress.org/plugins/page-whitelists

NOTICE: This plugin is no longer in active development. Limit user access only to selected ("whitelisted") pages by creating whitelists and …

70 active installs v4.0.2 PHP + WP 3.6+ Updated Apr 5, 2019
Tags: deleting-pages, editing-pages, pages, uam, user-access-management
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Page Whitelists Safe to Use in 2026?

Generally Safe

Score 85/100

Page Whitelists has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The 'page-whitelists' v4.0.2 plugin exhibits a mixed security posture. While it benefits from a lack of recorded vulnerabilities and a generally good use of prepared statements for SQL queries, several concerning aspects are present in the static analysis. A significant weakness lies in its attack surface, with one of the three AJAX handlers lacking authentication checks, opening it up to potential unauthorized access or manipulation.

Furthermore, the taint analysis reveals three high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data could be misused. The complete absence of proper output escaping across all identified outputs is a critical concern, as it suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of file operations, even if only one, coupled with the lack of proper escaping, warrants careful consideration.

Despite the clean vulnerability history, which is a positive indicator, the static analysis findings present clear and actionable risks. The combination of an unprotected AJAX endpoint and the prevalent lack of output escaping creates a significant security concern that could be exploited. Therefore, while the plugin has demonstrated a history of stability, these newly identified weaknesses require immediate attention and remediation.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows (3)
  • No output escaping on any output
  • File operations present
Vulnerabilities
None known

Page Whitelists Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Page Whitelists Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 23 (0 escaped)
Nonce Checks: 4
Capability Checks: 9
File Operations: 1
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

80% prepared · 10 total queries

Output Escaping

0% escaped · 23 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
ajax_load (classes\WL_Admin.php:286)
Attack Surface
1 unprotected

Page Whitelists Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 3

auth · wp_ajax_wl_delete · classes\WL_Admin.php:265
auth · wp_ajax_wl_load · classes\WL_Admin.php:266
auth · wp_ajax_wl_save · classes\WL_Admin.php:267
WordPress Hooks 21
action · pre_get_posts · classes\WL_Access_Manager.php:215
action · load-post-new.php · classes\WL_Access_Manager.php:216
action · load-post.php · classes\WL_Access_Manager.php:217
action · transition_post_status · classes\WL_Access_Manager.php:218
action · admin_head · classes\WL_Access_Manager.php:219
action · wp_before_admin_bar_render · classes\WL_Access_Manager.php:221
action · admin_menu · classes\WL_Access_Manager.php:222
action · add_meta_boxes · classes\WL_Admin.php:16
action · save_post · classes\WL_Admin.php:17
action · admin_menu · classes\WL_Admin.php:18
action · admin_enqueue_scripts · classes\WL_Admin.php:19
action · admin_init · classes\WL_Admin.php:20
action · admin_init · classes\WL_Admin.php:21
action · manage_users_columns · classes\WL_Admin.php:22
action · manage_users_custom_column · classes\WL_Admin.php:23
action · edit_user_profile · classes\WL_Admin.php:24
action · edit_user_profile_update · classes\WL_Admin.php:25
action · plugins_loaded · classes\WL_Core.php:24
action · init · classes\WL_Core.php:25
action · before_delete_post · classes\WL_Core.php:26
action · init · classes\WL_Core.php:27
Maintenance & Trust

Page Whitelists Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Apr 5, 2019
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 70
Developer Profile

Page Whitelists Developer Profile

corvidism

1 plugin · 70 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Page Whitelists

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/page-whitelists/assets/css/page-whitelists-admin.css
/wp-content/plugins/page-whitelists/assets/js/page-whitelists-admin.js
Script Paths
/wp-content/plugins/page-whitelists/assets/js/page-whitelists-admin.js
Version Parameters
page-whitelists/assets/css/page-whitelists-admin.css?ver=
page-whitelists/assets/js/page-whitelists-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wlist-settings-wrap
HTML Comments
<!-- BEGIN Page Whitelists Metabox -->
<!-- END Page Whitelists Metabox -->
Data Attributes
name="wlist_settings[strict_as_default]"
name="wlist_settings[filter_all_listings]"
id="wl_strict_as_default"
id="wl_filter_all_listings"
id="wlist-metabox"
id="wlist_onpage_edit"
JS Globals
wp_lists_ajax_obj