Does Pumpkin Spice Admin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Pumpkin Spice Admin compatible with WordPress 5.8.13?

According to WordPress.org data, Pumpkin Spice Admin 0.1.1 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is Pumpkin Spice Admin compatible with PHP 7.3+?

Pumpkin Spice Admin requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Pumpkin Spice Admin updated?

Pumpkin Spice Admin was last updated on Aug 15, 2024. Frequent updates are generally a positive security signal.

What is Pumpkin Spice Admin's security score?

Pumpkin Spice Admin has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pumpkin Spice Admin Security & Risk Analysis

wordpress.org/plugins/pumpkin-spice-admin

Add some fall flavor to your WordPress admin.

10 active installs v0.1.1 PHP 7.3+ WP 4.5+ Updated Aug 15, 2024

adminfrivolousholiday

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Pumpkin Spice Admin Safe to Use in 2026?

Generally Safe

Score 92/100

Pumpkin Spice Admin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "pumpkin-spice-admin" v0.1.1 plugin exhibits a strong security posture based on the provided static analysis results. The absence of any identified dangerous functions, SQL queries without prepared statements, improperly escaped output, file operations, external HTTP requests, or taint flows indicates a well-written codebase with security best practices in mind. Furthermore, the plugin has no recorded vulnerability history, suggesting a mature and stable development process.

However, a significant concern arises from the complete lack of nonce checks and capability checks. While the current attack surface is reported as zero, this can be misleading. If any future functionality is added without proper authorization checks, the plugin would be immediately vulnerable. The absence of these fundamental WordPress security mechanisms is a notable weakness that, while not currently exploitable, represents a significant potential risk if the plugin evolves.

In conclusion, the plugin is currently very secure due to its minimal functionality and adherence to secure coding practices. The primary weakness lies in the lack of built-in authorization mechanisms (nonces and capability checks), which leaves it open to potential vulnerabilities should its attack surface expand. Developers should prioritize implementing these checks to solidify its security.

Key Concerns

No nonce checks
No capability checks

Vulnerabilities

None known

Pumpkin Spice Admin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Pumpkin Spice Admin Release Timeline

v0.1.1Current

Code Analysis

Analyzed Mar 17, 2026

Pumpkin Spice Admin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped12 total outputs

Attack Surface

Pumpkin Spice Admin Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionadmin_enqueue_scriptspumpkin-spice.php:41

actionadmin_footerpumpkin-spice.php:42

Maintenance & Trust

Pumpkin Spice Admin Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedAug 15, 2024

PHP min version7.3

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Pumpkin Spice Admin Alternatives

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

Redux Framework

redux-framework

Redux is a simple, truly extensible, and fully responsive options framework for WordPress themes and plugins. It ships with an integrated demo.

1.0M 6 CVEs

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

wp-maintenance-mode

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

500K 6 CVEs

Admin Menu Editor

admin-menu-editor

Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.

400K 3 CVEs

Adminimize

adminimize

Adminimize that lets you hide 'unnecessary' items from the WordPress backend

200K 2 CVEs

Developer Profile

Pumpkin Spice Admin Developer Profile

cornershop

9 plugins · 11K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

70 days

View full developer profile

Detection Fingerprints

How We Detect Pumpkin Spice Admin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pumpkin-spice-admin/pumpkin-spice.css

Version Parameters

pumpkin-spice-admin/pumpkin-spice.css?ver=0.1.0

HTML / DOM Fingerprints

CSS Classes

fall-container

Shortcode Output

<div id="fall-container">
	<img src="

" alt>
	<img src="

" alt id="leaf2">
	<img src="

" alt id="leaf3">
	<img src="

FAQ