Smart Maintenance Mode Security & Risk Analysis

wordpress.org/plugins/smart-maintenance-mode

Smart Maintenance Mode allows you to put your site under maintenance mode for others and you can see the actual development of your site by allowing …

1K active installs · v1.5.3 · PHP + WP 3.0+ · Updated Apr 16, 2025
Tags: allow-ip, customize, ip, maintenance-mode, smart-maintenance-mode

76 · B · Generally Safe
CVEs total: 4
Unpatched: 1
Last CVE: Mar 25, 2025

Safety Verdict

Is Smart Maintenance Mode Safe to Use in 2026?

Mostly Safe

Score 76/100

Smart Maintenance Mode is generally safe to use. 4 past CVEs were resolved. Keep it updated.

4 known CVEs · 1 unpatched · Last CVE: Mar 25, 2025 · Updated 11mo ago

Risk Assessment

The "smart-maintenance-mode" plugin, version 1.5.3, presents a mixed security posture. While the attack surface appears minimal with no exposed AJAX handlers, REST API routes, shortcodes, or cron events, and a limited number of entry points, several code signals raise concerns. The presence of "unserialize" is a significant red flag, as it can lead to remote code execution if not handled with extreme caution and proper input validation. Furthermore, a low percentage (9%) of properly escaped outputs suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into web pages viewed by other users.

The vulnerability history is concerning, with four known CVEs, one of which remains unpatched. The prevalence of medium severity XSS and CSRF vulnerabilities in the past indicates a pattern of insecure input handling and insufficient protection against malicious actions. The recent unpatched vulnerability is particularly worrying and represents an immediate security threat. While the plugin demonstrates some positive practices like a majority of SQL queries using prepared statements and a few capability checks, these are overshadowed by the critical risk of "unserialize" and the persistent historical pattern of XSS and CSRF issues, compounded by an active unpatched vulnerability.

Key Concerns

  • Unpatched CVE
  • Dangerous function: unserialize
  • Low output escaping (9% proper)
  • Multiple past vulnerabilities (4 total)
  • Nonce check present but potentially insufficient

Vulnerabilities: 4

Smart Maintenance Mode Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE · unpatched
  • 2025: 3 CVEs

Severity Breakdown

Medium: 4

4 total CVEs

CVE-2025-1490 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Maintenance Mode <= 1.5.2 - Reflected Cross-Site Scripting via setstatus Parameter

Mar 25, 2025 · Patched in 1.5.3 (23d)

CVE-2024-12682 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 3, 2025 · Patched in 1.5.2 (50d)

CVE-2024-12683 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Smart Maintenance Mode <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 3, 2025 · Patched in 1.5.2 (50d)

CVE-2024-33638 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Smart Maintenance Mode <= 1.5.3 - Cross-Site Request Forgery

Apr 25, 2024 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

Smart Maintenance Mode Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 3 (7 prepared)
Unescaped Output: 62 (6 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · $smm_roles = unserialize(get_option('smm_roles')); · smart-maintenance-mode.php:104
  • unserialize · $smm_countdown = unserialize(get_option('smm_countdown')); · smart-maintenance-mode.php:106
  • unserialize · $smm_roles = unserialize(get_option('smm_roles')); · smart-maintenance-mode.php:664
  • unserialize · $smm_countdown = unserialize(get_option('smm_countdown')); · smart-maintenance-mode.php:667

SQL Query Safety

70% prepared · 10 total queries

Output Escaping

9% escaped · 68 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
smart_maintenance_mode_option_page (smart-maintenance-mode.php:343)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface

Smart Maintenance Mode Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4

  • action · plugins_loaded · smart-maintenance-mode.php:43
  • action · plugins_loaded · smart-maintenance-mode.php:75
  • action · template_redirect · smart-maintenance-mode.php:205
  • action · admin_menu · smart-maintenance-mode.php:217

Maintenance & Trust

Smart Maintenance Mode Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 16, 2025
PHP min version
Downloads: 58K

Community Trust

Rating: 64/100
Number of ratings: 15
Active installs: 1K

Developer Profile

Smart Maintenance Mode Developer Profile

brijeshk89

5 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 25 days
Detection Fingerprints

How We Detect Smart Maintenance Mode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-maintenance-mode/js/countdown.js

HTML / DOM Fingerprints

JS Globals
smm_done_handler, myCountdown1

FAQ

Frequently Asked Questions about Smart Maintenance Mode