Quentn WP Security & Risk Analysis

wordpress.org/plugins/quentn-wp

Restrict access to specific pages, create access links and display countdowns. Connect your WordPress installation with your Quentn account.

500 active installs · v1.2.12 · PHP 5.6.0+ · WP 4.6.0+ · Updated Jun 24, 2025
Tags: countdown, email, marketing-automation, page-restriction, quentn
Score 93 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 17, 2025
Safety Verdict

Is Quentn WP Safe to Use in 2026?

Generally Safe

Score 93/100

Quentn WP has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 17, 2025 · Updated 9mo ago
Risk Assessment

The quentn-wp plugin v1.2.12 exhibits a mixed security posture. It follows good practice in several areas, such as a high percentage of prepared SQL statements and properly escaped output, but there are significant concerns. Two AJAX handlers, both lacking authentication checks, create a substantial attack surface. The plugin also calls `unserialize`, a known dangerous function that can lead to remote code execution if not handled with extreme care, especially when processing user-supplied data. The plugin's history of two CVEs, one critical and one high, involving SQL Injection and Improper Privilege Management, is a major red flag. Although both CVEs are now patched, their historical existence suggests a pattern of vulnerabilities that requires vigilant attention and timely updates. The lack of unpatched CVEs at the moment is positive, but the historical context should not be ignored.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Historical critical CVEs
  • Historical high CVEs
Vulnerabilities
2

Quentn WP Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Critical: 1
High: 1

2 total CVEs

CVE-2025-39595 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Quentn WP <= 1.2.8 - Unauthenticated SQL Injection

Apr 17, 2025 · Patched in 1.2.9 (6d)

CVE-2025-39596 · critical · 9.8 · Improper Privilege Management

Quentn WP <= 1.2.8 - Unauthenticated Privilege Escalation

Apr 17, 2025 · Patched in 1.2.9 (6d)
Code Analysis
Analyzed Mar 16, 2026

Quentn WP Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 5 (32 prepared)
Unescaped Output: 28 (119 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Dangerous Functions Found

unserialize: `$user_data = unserialize( $user_data[0]->fields );` includes\class-quentn-wp-restrict-access.php:225

Bundled Libraries

Select2, Guzzle

SQL Query Safety

86% prepared · 37 total queries

Output Escaping

81% escaped · 147 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
<quentn-delete-user-data> (admin\partials\quentn-delete-user-data.php:0)
Attack Surface
2 unprotected

Quentn WP Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_quentn_dismiss_cookie_notice includes\class-quentn-wp.php:291
auth wp_ajax_quentn_dismiss_member_plugin_notice includes\class-quentn-wp.php:294

Shortcodes 1

[quentn_flipclock] includes\class-quentn-wp-restrict-access.php:13
WordPress Hooks 66
action admin_notices admin\class-quentn-wp-admin.php:525
action init includes\class-quentn-wp-cron.php:13
action quentn_cron_hook includes\class-quentn-wp-cron.php:14
action plugins_loaded includes\class-quentn-wp-elementor-integration.php:23
filter elementor_pro/forms/render/item includes\class-quentn-wp-elementor-integration.php:28
filter elementor_pro/forms/render/item/radio includes\class-quentn-wp-elementor-integration.php:29
action plugins_loaded includes\class-quentn-wp-elementor.php:20
action elementor_pro/init includes\class-quentn-wp-elementor.php:22
action wpmu_activate_user includes\class-quentn-wp-learndash.php:16
action add_user_to_blog includes\class-quentn-wp-learndash.php:17
action user_register includes\class-quentn-wp-learndash.php:19
action admin_init includes\class-quentn-wp-learndash.php:23
action profile_update includes\class-quentn-wp-learndash.php:26
action remove_user_role includes\class-quentn-wp-learndash.php:29
action add_user_role includes\class-quentn-wp-learndash.php:33
action add_option_quentn_add_log includes\class-quentn-wp-log.php:40
action update_option_quentn_add_log includes\class-quentn-wp-log.php:41
action update_option_quentn_log_expire_days includes\class-quentn-wp-log.php:44
action quentn_access_granted includes\class-quentn-wp-log.php:46
action quentn_access_revoked includes\class-quentn-wp-log.php:47
action quentn_user_created includes\class-quentn-wp-log.php:49
action quentn_user_updated includes\class-quentn-wp-log.php:50
action quentn_user_role_added includes\class-quentn-wp-log.php:52
action quentn_user_role_removed includes\class-quentn-wp-log.php:53
action quentn_user_visit_restricted_page includes\class-quentn-wp-log.php:56
action quentn_user_access_denied includes\class-quentn-wp-log.php:57
action quentn_user_autologin includes\class-quentn-wp-log.php:59
action quentn_user_reset_password includes\class-quentn-wp-log.php:60
action quentn_user_autologin_failed includes\class-quentn-wp-log.php:62
action add_meta_boxes includes\class-quentn-wp-page-restriction-meta-box.php:18
action save_post includes\class-quentn-wp-page-restriction-meta-box.php:19
action login_init includes\class-quentn-wp-reset-password.php:13
action after_password_reset includes\class-quentn-wp-reset-password.php:14
filter authenticate includes\class-quentn-wp-reset-password.php:51
filter authenticate includes\class-quentn-wp-reset-password.php:79
action rest_api_init includes\class-quentn-wp-rest-api-controller.php:116
filter the_content includes\class-quentn-wp-restrict-access.php:14
filter tve_landing_page_content includes\class-quentn-wp-restrict-access.php:16
action wp_head includes\class-quentn-wp-restrict-access.php:18
action admin_init includes\class-quentn-wp-web-tracking.php:25
action plugins_loaded includes\class-quentn-wp.php:217
action admin_enqueue_scripts includes\class-quentn-wp.php:232
action admin_enqueue_scripts includes\class-quentn-wp.php:234
action admin_menu includes\class-quentn-wp.php:237
action wpmu_new_blog includes\class-quentn-wp.php:241
action wpmu_activate_user includes\class-quentn-wp.php:242
action add_user_to_blog includes\class-quentn-wp.php:243
action remove_user_from_blog includes\class-quentn-wp.php:244
action delete_blog includes\class-quentn-wp.php:247
action user_register includes\class-quentn-wp.php:249
action delete_user includes\class-quentn-wp.php:250
action wp_login includes\class-quentn-wp.php:254
action profile_update includes\class-quentn-wp.php:257
action remove_user_role includes\class-quentn-wp.php:260
action add_user_role includes\class-quentn-wp.php:263
action set_user_role includes\class-quentn-wp.php:266
action init includes\class-quentn-wp.php:269
action admin_init includes\class-quentn-wp.php:272
action admin_notices includes\class-quentn-wp.php:275
action admin_notices includes\class-quentn-wp.php:279
action admin_init includes\class-quentn-wp.php:283
filter set-screen-option includes\class-quentn-wp.php:299
action plugins_loaded includes\class-quentn-wp.php:314
action wp_enqueue_scripts includes\class-quentn-wp.php:316
action wp_enqueue_scripts includes\class-quentn-wp.php:317
action wp_head includes\class-quentn-wp.php:319

Scheduled Events 1

quentn_cron_hook
Maintenance & Trust

Quentn WP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jun 24, 2025
PHP min version: 5.6.0
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 500
Developer Profile

Quentn WP Developer Profile

Quentn.com GmbH

1 plugin · 500 total installs

Trust score: 95
Avg Security Score: 93/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Quentn WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/quentn-wp/admin/css/bootstrap-qntn.css
/wp-content/plugins/quentn-wp/admin/css/tempusdominus-bootstrap-4.css
/wp-content/plugins/quentn-wp/admin/css/jquery.bootstrap-touchspin.css
/wp-content/plugins/quentn-wp/admin/css/jquery-ui.min.css
/wp-content/plugins/quentn-wp/admin/css/select2.min.css
/wp-content/plugins/quentn-wp/admin/css/admin-style.css

HTML / DOM Fingerprints

CSS Classes
quentn-login-wrap, quentn-login-button, quentn-login-wrap, quentn-form-group, quentn-btn, quentn-btn-primary, quentn-btn-secondary
HTML Comments
<!-- Quentn Plugin Backend Form --> (repeated 4 times) +4 more
Data Attributes
data-quentn-access, data-quentn-access-page-id
JS Globals
QuentnWP, QuentnAdmin, Quentn_Dashboard, Quentn_Page_Access
REST Endpoints
/wp-json/quentn-wp/v1/admin/update-post-options
/wp-json/quentn-wp/v1/admin/get-post-access-options
/wp-json/quentn-wp/v1/admin/get-post-access-options-recursive
/wp-json/quentn-wp/v1/admin/check-api-key
/wp-json/quentn-wp/v1/admin/save-api-key
/wp-json/quentn-wp/v1/admin/delete-api-key
/wp-json/quentn-wp/v1/admin/update-restriction
/wp-json/quentn-wp/v1/admin/get-restrictions
/wp-json/quentn-wp/v1/admin/delete-restriction
/wp-json/quentn-wp/v1/admin/get-users
/wp-json/quentn-wp/v1/admin/delete-user
/wp-json/quentn-wp/v1/admin/update-user
/wp-json/quentn-wp/v1/admin/get-quentin-tags
/wp-json/quentn-wp/v1/admin/update-access-page-settings
/wp-json/quentn-wp/v1/admin/get-access-page-settings
Shortcode Output
[quentn_login_form] [quentn_login] [quentn_logout] [quentn_access_link]
FAQ

Frequently Asked Questions about Quentn WP