Show Me The Admin Security & Risk Analysis

wordpress.org/plugins/show-me-the-admin

Hides your admin toolbar and enables you to make it appear, and disappear, using a variety of methods.

10 active installs v1.2.1 PHP + WP 3.0+ Updated Unknown
admin, admin-bar, adminbar, bar, toolbar
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Show Me The Admin Safe to Use in 2026?

Generally Safe

Score 100/100

Show Me The Admin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "show-me-the-admin" plugin v1.2.1 exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, the presence of two AJAX handlers without authentication checks presents a significant attack surface. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended consequences or information disclosure.

The static analysis also highlights a SQL query that is not using prepared statements, which, while only one instance, increases the risk of SQL injection if the query is exposed to user-supplied input. The taint analysis indicates two flows with unsanitized paths, which, despite not being classified as critical or high severity, still represent potential areas where data could be manipulated or misused.

The absence of any recorded vulnerability history is a positive sign, suggesting the plugin has not been historically prone to security flaws. However, this should not lead to complacency, especially given the identified unprotected entry points and the raw SQL query. The plugin has strengths in its minimal external dependencies and lack of dangerous functions, but the immediate risks associated with its entry points require careful consideration.

Key Concerns

  • AJAX handlers without auth checks
  • SQL query not using prepared statements
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
Vulnerabilities
None known

Show Me The Admin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Show Me The Admin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 10 (14 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared (1 total query)

Output Escaping

58% escaped (24 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

4 flows, 2 with unsanitized paths
print_login_button (show-me-the-admin.php:675)
[Flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
2 unprotected

Show Me The Admin Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

Type    Hook                                        Location
auth    wp_ajax_smta_add_users_setting_notice       inc\admin.php:122
auth    wp_ajax_smta_add_user_notice                inc\admin.php:123

WordPress Hooks: 16

Type    Hook                                        Location
action  network_admin_menu                          inc\admin.php:94
action  admin_menu                                  inc\admin.php:97
action  admin_head-settings_page_show-me-the-admin  inc\admin.php:100
action  admin_enqueue_scripts                       inc\admin.php:103
action  update_wpmu_options                         inc\admin.php:106
action  admin_init                                  inc\admin.php:109
action  profile_personal_options                    inc\admin.php:112
action  personal_options_update                     inc\admin.php:115
action  edit_user_profile_update                    inc\admin.php:116
action  admin_notices                               inc\admin.php:119
action  admin_init                                  inc\admin.php:126
action  init                                        show-me-the-admin.php:132
action  upgrader_process_complete                   show-me-the-admin.php:138
action  wp_enqueue_scripts                          show-me-the-admin.php:141
filter  body_class                                  show-me-the-admin.php:144
action  wp_footer                                   show-me-the-admin.php:147
Maintenance & Trust

Show Me The Admin Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Unknown
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 10
Developer Profile

Show Me The Admin Developer Profile

Rachel Cherry

3 plugins · 410 total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Show Me The Admin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/show-me-the-admin/assets/css/show-me-the-admin.css
/wp-content/plugins/show-me-the-admin/assets/js/show-me-the-admin.js
Script Paths
/wp-content/plugins/show-me-the-admin/assets/js/show-me-the-admin.js
Version Parameters
show-me-the-admin/assets/css/show-me-the-admin.css?ver=
show-me-the-admin/assets/js/show-me-the-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Show Me The Admin -->
<!-- BEGIN Show Me The Admin -->
Data Attributes
data-mouseleave-delay
JS Globals
show_me_the_admin_script_vars
FAQ

Frequently Asked Questions about Show Me The Admin