Superadmin Helper Security & Risk Analysis

wordpress.org/plugins/superadmin-helper

Set of utilities for managing multisite WordPress installations. Logging, simple permban, etc.

10 active installs · v2.0.5 · PHP + · WP 3.5+ · Updated Apr 15, 2014
Tags: log, multisite, permban, spam, superadmin
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Superadmin Helper Safe to Use in 2026?

Generally Safe

Score 85/100

Superadmin Helper has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "superadmin-helper" plugin version 2.0.5 exhibits a generally good security posture in several areas. The absence of known vulnerabilities, a clean vulnerability history, and the lack of file operations or external HTTP requests are all positive indicators. Furthermore, the plugin does not expose any direct attack surface through AJAX, REST API, shortcodes, or cron events, and importantly, has no unprotected entry points.

However, the code analysis reveals significant concerns. Only 55% of SQL queries use prepared statements (17 of 31), leaving 14 raw queries, which creates a considerable risk of SQL injection vulnerabilities. Compounding this, only 18% of output is properly escaped (2 of 11 outputs), indicating a high potential for cross-site scripting (XSS) vulnerabilities. The taint analysis also identified two flows with unsanitized paths; although these are not currently classified as critical or high severity, they warrant attention. The lack of nonce checks and capability checks on any potential implicit entry points (though none are directly exposed) is also a weakness that could be exploited if an attack surface were to emerge in future versions or through interactions with other plugins.

In conclusion, while the plugin benefits from a clean security history and a limited direct attack surface, the prevalent use of raw SQL queries and inadequate output escaping present substantial security risks. These weaknesses could be exploited to compromise database integrity or execute malicious scripts within the WordPress environment. Addressing these code-level issues should be a priority to improve the overall security of "superadmin-helper".

Key Concerns

  • Raw SQL queries without prepared statements
  • Insufficient output escaping
  • Unsanitized paths in taint analysis
  • Lack of nonce checks
  • Lack of capability checks
Vulnerabilities
None known

Superadmin Helper Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Superadmin Helper Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 14 (17 prepared)
Unescaped Output: 9 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

55% prepared · 31 total queries

Output Escaping

18% escaped · 11 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
show_default_page (includes\permban-ui.php:96)
Attack Surface

Superadmin Helper Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 45
action: plugins_loaded (includes\compatibility.php:14)
filter: wp_mail (includes\logging.php:11)
action: profile_update (includes\logging.php:32)
action: wp_login (includes\logging.php:46)
action: lostpassword_post (includes\logging.php:58)
action: password_reset (includes\logging.php:65)
action: delete_user (includes\logging.php:74)
action: add_attachment (includes\logging.php:83)
action: wp_logout (includes\logging.php:93)
action: user_register (includes\logging.php:105)
action: switch_theme (includes\logging.php:115)
action: activated_plugin (includes\logging.php:124)
action: deactivated_plugin (includes\logging.php:136)
action: deactivate_blog (includes\logging.php:149)
action: activate_blog (includes\logging.php:158)
action: archive_blog (includes\logging.php:167)
action: unarchive_blog (includes\logging.php:176)
action: make_spam_blog (includes\logging.php:185)
action: make_ham_blog (includes\logging.php:194)
action: mature_blog (includes\logging.php:203)
action: unmature_blog (includes\logging.php:211)
action: delete_blog (includes\logging.php:220)
action: add_user_to_blog (includes\logging.php:234)
action: remove_user_from_blog (includes\logging.php:245)
filter: update_plugin_complete_actions (includes\logging.php:256)
filter: install_plugin_complete_actions (includes\logging.php:266)
filter: update_theme_complete_actions (includes\logging.php:276)
filter: install_theme_complete_actions (includes\logging.php:286)
filter: blog_redirect_404 (includes\logging.php:296)
action: network_admin_menu (includes\permban-ui.php:14)
action: admin_menu (includes\permban-ui.php:26)
action: admin_head (includes\permban-ui.php:75)
action: init (includes\permban.php:44)
action: wp_login_failed (includes\permban.php:101)
action: show_user_profile (includes\primary-blog-setting.php:7)
action: edit_user_profile (includes\primary-blog-setting.php:8)
action: personal_options_update (includes\primary-blog-setting.php:9)
action: edit_user_profile_update (includes\primary-blog-setting.php:10)
action: wp_login (includes\record-last-login-time.php:10)
filter: wpmu_users_columns (includes\record-last-login-time.php:19)
filter: manage_users_columns (includes\record-last-login-time.php:20)
action: manage_users_custom_column (includes\record-last-login-time.php:27)
action: network_admin_menu (includes\settings-ui.php:25)
action: admin_menu (includes\settings-ui.php:38)
action: init (superadmin-helper.php:77)
Maintenance & Trust

Superadmin Helper Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Apr 15, 2014
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Superadmin Helper Developer Profile

Jan Štětina

8 plugins · 200 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Superadmin Helper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
form-table
HTML Comments
<!--Superadmin mód-->
Data Attributes
id="primary_blog"
name="primary_blog"
id="suh_last_login"
FAQ

Frequently Asked Questions about Superadmin Helper