Does PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Security & Risk Analysis

wordpress.org/plugins/powerup

Simplify site management with Login/Logout Redirect, Hide Admin Bar, Disable Comments, Header Footer Scripts and Remove Footer Credit.

200 active installs v1.0.5 PHP 5.6+ WP 4.3+ Updated Nov 10, 2025

disable-commentshide-admin-barlogin-redirectlogout-redirectregistration-redirect

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Safe to Use in 2026?

Generally Safe

Score 100/100

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "powerup" v1.0.5 plugin demonstrates a generally good security posture, with several positive indicators. The absence of known CVEs and its vulnerability history being clear is a significant strength, suggesting a commitment to security or a lack of historical exploitable issues. Static analysis also reveals a limited attack surface, with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events. Crucially, this single AJAX handler appears to have authentication checks, which is a positive practice. The plugin utilizes prepared statements for all SQL queries and has a decent number of nonce and capability checks, further contributing to its secure design. However, there are areas for improvement. The 37% of output that is not properly escaped presents a potential Cross-Site Scripting (XSS) risk, as sensitive data could be exposed to users or attackers. Additionally, the presence of two unsanitized paths in the taint analysis, although not classified as critical or high severity, warrants investigation to ensure they do not lead to potential vulnerabilities. The two external HTTP requests, while not inherently risky, should be reviewed to ensure they are made securely and to trusted endpoints.

Key Concerns

Unescaped output found
Flows with unsanitized paths detected

Vulnerabilities

None known

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Release Timeline

v1.0.5Current

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

31 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

63% escaped49 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

pu_duplicate_post_callback (includes\modules\duplicate-post.php:44)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_gspu_ajax_handlerincludes\plugin.php:37

WordPress Hooks 32

actionswitch_themeappsero\Insights.php:140

actionswitch_themeappsero\Insights.php:141

actionadmin_footerappsero\Insights.php:158

actionadmin_noticesappsero\Insights.php:175

actionadmin_initappsero\Insights.php:178

filtercron_schedulesappsero\Insights.php:184

actionadmin_menuincludes\admin.php:8

actionadmin_enqueue_scriptsincludes\admin.php:9

filterallowed_redirect_hostsincludes\helpers.php:163

actionadmin_menuincludes\modules\disable-comments.php:19

actiontemplate_redirectincludes\modules\disable-comments.php:20

filterwoocommerce_product_tabsincludes\modules\disable-comments.php:21

actiontemplate_redirectincludes\modules\disable-comments.php:74

filtercomments_templateincludes\modules\disable-comments.php:90

filtershow_recent_comments_widget_styleincludes\modules\disable-comments.php:123

actionadmin_initincludes\modules\duplicate-post.php:23

actionin_admin_headerincludes\modules\footer-thankyou.php:32

actionwp_headincludes\modules\header-footer-scripts.php:23

actionwp_body_openincludes\modules\header-footer-scripts.php:24

actionwp_footerincludes\modules\header-footer-scripts.php:25

actionadmin_print_scripts-profile.phpincludes\modules\hide-admin-bar.php:21

filtershow_admin_barincludes\modules\hide-admin-bar.php:22

filterlogin_redirectincludes\modules\redirection-rules.php:12

filterlogout_redirectincludes\modules\redirection-rules.php:13

filterregistration_redirectincludes\modules\redirection-rules.php:14

actionadmin_initincludes\modules\restrict-wp-admin.php:11

actionplugins_loadedincludes\plugin.php:31

actioninitincludes\plugin.php:32

actioninitincludes\plugin.php:33

actioninitincludes\plugin.php:34

actionactivated_pluginincludes\plugin.php:36

actioncurrent_screenincludes\plugin.php:38

Maintenance & Trust

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 10, 2025

PHP min version5.6

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs200

Alternatives

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Alternatives

LoginWP (Formerly Peter's Login Redirect)

peters-login-redirect

Redirect users to different locations after they log in, log out and register based on different conditions.

90K 3 CVEs

WP Login and Logout Redirect

wp-login-and-logout-redirect

100

This plugin enable simple and easy way to redirect user to your chosen page URL after login or logout or both.

6K 1 CVE

Sky Login Redirect

sky-login-redirect

100

Control where users land after login/logout. Redirect by role, user, or previous page. Includes a powerful login customizer and WooCommerce support.

2K No CVEs

Previous Page Redirect for WooCommerce

previous-page-redirect-for-woocommerce

100

Redirect users to previous page and more on WooCommerce login and logout. Simplest way to direct users to your desired pages.

100 No CVEs

WC Quick Customer Redirects

wc-quick-customer-redirects

100

This plugin lets you set custom page redirects for customers after registration, login, logout actions.

30 No CVEs

Developer Profile

PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control) Developer Profile

GS Plugins

19 plugins · 42K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

173 days

View full developer profile

Detection Fingerprints

How We Detect PowerUp – Admin Tools (Login/Logout Redirects, Scripts & Comments Control)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/powerup/assets/admin/css/admin.min.css/wp-content/plugins/powerup/assets/admin/js/admin.min.js/wp-content/plugins/powerup/assets/libs/font-awesome/css/all.min.css/wp-content/plugins/powerup/assets/libs/powerup-grid/powerup-grid.min.css

Script Paths

/wp-content/plugins/powerup/assets/admin/js/admin.min.js

Version Parameters

powerup/assets/admin/css/admin.min.css?ver=powerup/assets/admin/js/admin.min.js?ver=powerup/assets/libs/font-awesome/css/all.min.css?ver=powerup/assets/libs/powerup-grid/powerup-grid.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

gs-powerup-dashboard-nav

Data Attributes

data-gs-powerup-module

JS Globals

_powerup_data

FAQ