Does Simple Page Access Restriction have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Page Access Restriction have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Page Access Restriction compatible with WordPress 6.9.4?

According to WordPress.org data, Simple Page Access Restriction 1.0.35 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Simple Page Access Restriction compatible with PHP 5.6+?

Simple Page Access Restriction requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Simple Page Access Restriction updated?

Simple Page Access Restriction was last updated on Feb 26, 2026. Frequent updates are generally a positive security signal.

What is Simple Page Access Restriction's security score?

Simple Page Access Restriction has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Page Access Restriction Security & Risk Analysis

wordpress.org/plugins/simple-page-access-restriction

This plugin offers a simple way to restrict visits to select pages only to logged-in users and allows for page redirection to an existing login page.

6K active installs v1.0.35 PHP 5.6+ WP 4.4+ Updated Feb 26, 2026

access-restrictionpage-access-restrictionpage-redirectpage-restrictpage-restriction

A · Safe

CVEs total4

Unpatched0

Last CVEAug 27, 2025

Plugin page Download

Safety Verdict

Is Simple Page Access Restriction Safe to Use in 2026?

Generally Safe

Score 96/100

Simple Page Access Restriction has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Aug 27, 2025Updated 1mo ago

Risk Assessment

The 'simple-page-access-restriction' plugin version 1.0.35 exhibits a mixed security posture. While it demonstrates good practices such as having a relatively small attack surface and a high percentage of properly escaped output, there are significant concerns related to its handling of unauthenticated AJAX requests and its past vulnerability history. The presence of an AJAX handler without authentication is a critical entry point that could be exploited by attackers to trigger unintended actions. Furthermore, the plugin has a history of four medium-severity vulnerabilities, primarily related to Cross-Site Request Forgery, Exposure of Sensitive Information, and Improper Access Control. Although there are no currently unpatched CVEs, this pattern suggests recurring security weaknesses that warrant careful consideration. The plugin's reliance on non-prepared SQL queries is also a weakness, increasing the risk of SQL injection vulnerabilities, especially when combined with other security flaws.

In conclusion, while the plugin has some positive attributes like a good output escaping rate, the identified unauthenticated AJAX endpoint and the historical pattern of medium-severity vulnerabilities point to potential security risks. The lack of prepared statements in its SQL queries further exacerbates these risks. Users should exercise caution and monitor for future updates that address these identified weaknesses.

Key Concerns

AJAX handler without auth checks
SQL queries not using prepared statements
Previous medium severity CVEs (4 total)

Vulnerabilities

Simple Page Access Restriction Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

2024

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

4 total CVEs

CVE-2025-58202medium · 4.3Cross-Site Request Forgery (CSRF)

Simple Page Access Restriction <= 1.0.32 - Cross-Site Request Forgery

Aug 27, 2025 Patched in 1.0.33 (8d)

CVE-2025-5142medium · 6.5Cross-Site Request Forgery (CSRF)

Simple Page Access Restriction <= 1.0.31 - Cross-Site Request Forgery via Multiple Parameters

May 29, 2025 Patched in 1.0.32 (1d)

CVE-2024-11295medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Simple Page Access Restriction <= 1.0.29 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

Dec 17, 2024 Patched in 1.0.30 (1d)

CVE-2024-0965medium · 5.3Improper Access Control

Simple Page Access Restriction <= 1.0.21 - Improper Access Control to Sensitive Information Exposure via REST API

Feb 7, 2024 Patched in 1.0.23 (1d)

Code Analysis

Analyzed Mar 16, 2026

Simple Page Access Restriction Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

46 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

82% escaped56 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<functions> (includes\restrictions\functions.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Simple Page Access Restriction Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 3

authwp_ajax_ps_simple_par_deactivationincludes\admin\admin.php:51

authwp_ajax_ps_simple_par_handle_subscription_requestincludes\admin\admin.php:56

authwp_ajax_ps_simple_par_review_noticeincludes\admin\admin.php:223

WordPress Hooks 21

actionadd_meta_boxesincludes\admin\admin.php:45

actionsave_postincludes\admin\admin.php:46

actionadmin_menuincludes\admin\admin.php:48

actionplugin_row_metaincludes\admin\admin.php:49

actionadmin_footerincludes\admin\admin.php:50

actionplugin_action_linksincludes\admin\admin.php:52

actionps_simple_par_after_settings_titleincludes\admin\admin.php:54

actionadmin_noticesincludes\admin\admin.php:236

actionadmin_footerincludes\admin\functions-posts.php:58

actionsave_postincludes\admin\functions-posts.php:177

actionadmin_enqueue_scriptsincludes\admin\functions-scripts.php:32

actionadmin_enqueue_scriptsincludes\admin\functions-scripts.php:115

actionadmin_enqueue_scriptsincludes\admin\functions-styles.php:30

actionadmin_enqueue_scriptsincludes\admin\functions-styles.php:83

actionwp_loginincludes\class-redirection.php:34

actionwp_redirectincludes\class-redirection.php:137

actioninitsimple-page-access-restriction.php:144

filterpre_get_postssimple-page-access-restriction.php:145

actionsend_headerssimple-page-access-restriction.php:146

actiontemplate_redirectsimple-page-access-restriction.php:147

actionplugins_loadedsimple-page-access-restriction.php:345

Maintenance & Trust

Simple Page Access Restriction Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 26, 2026

PHP min version5.6

Downloads73K

Community Trust

Rating98/100

Number of ratings30

Active installs6K

Alternatives

Simple Page Access Restriction Alternatives

Advanced User Access Manager

advanced-user-access-manager

Introducing Advanced User Access Manager for WordPress – your go-to solution for precise user control. Easily restrict page access, customize login re …

0 No CVEs

Page and Post Restriction

page-and-post-restriction

Restrict content access for WordPress (WP) | Restrict pages/posts in WP based on user roles and login status to protect content

2K 3 CVEs

Quentn WP

quentn-wp

Restrict access to specific pages, create access links and display countdowns. Connect your wordpress installation with your Quentn account.

500 2 CVEs

Agy verification

agy-verification

Agy Verification is a modern and responsive solution for any kind of verification.

100 No CVEs

Page Restriction With Role

page-restriction-with-role

The plugin to help you make template pages in easy way and make them accessible depending on the additional role provided with this plugin and assigne …

10 No CVEs

Developer Profile

Simple Page Access Restriction Developer Profile

Plugins and Snippets

4 plugins · 6K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

3 days

View full developer profile

Detection Fingerprints

How We Detect Simple Page Access Restriction

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-page-access-restriction/assets/css/admin.css/wp-content/plugins/simple-page-access-restriction/assets/js/admin.js/wp-content/plugins/simple-page-access-restriction/assets/js/password-protection.js/wp-content/plugins/simple-page-access-restriction/assets/js/subscription.js

Script Paths

/wp-content/plugins/simple-page-access-restriction/assets/js/admin.js/wp-content/plugins/simple-page-access-restriction/assets/js/password-protection.js/wp-content/plugins/simple-page-access-restriction/assets/js/subscription.js

Version Parameters

simple-page-access-restriction/assets/css/admin.css?ver=simple-page-access-restriction/assets/js/admin.js?ver=simple-page-access-restriction/assets/js/password-protection.js?ver=simple-page-access-restriction/assets/js/subscription.js?ver=

HTML / DOM Fingerprints

CSS Classes

ps-simple-par-password-form

HTML Comments

+6 more

Data Attributes

ps_simple_par_metabox_nonceps_simple_par_mb_noncedata-ps-simple-par-pass-fielddata-ps-simple-par-error-element

JS Globals

ps_simple_par_ajax_objectps_simple_par_password_protection_objectps_simple_par_deactivation_objectps_simple_par_subscription_object

REST Endpoints

/wp-json/ps-simple-par/v1/check-password

Shortcode Output

<form class="ps-simple-par-password-form" method="post">

FAQ