WP-Safety

Under Construction Security & Risk Analysis

wordpress.org/plugins/under-construction-page

Easy to use Under Construction Page & Coming Soon Page. Enable Under Construction Mode in seconds & show you're Under Construction!

600K active installs v4.04 PHP 5.2+ WP 4.0+ Updated Feb 11, 2026
coming-soon-modecoming-soon-pageunder-constructionunder-construction-modeunder-construction-page
99
A · Safe
CVEs total3
Unpatched0
Last CVEFeb 10, 2023
Plugin page Download
Safety Verdict

Is Under Construction Safe to Use in 2026?

Generally Safe

Score 99/100

Under Construction has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Feb 10, 2023Updated 1mo ago
Risk Assessment

The plugin "under-construction-page" v4.04 exhibits a mixed security posture. On the positive side, the static analysis indicates good practices with all identified AJAX entry points having authorization checks. Furthermore, there are no detected dangerous functions, no raw SQL queries, and a strong emphasis on output escaping, with 73% of outputs being properly handled. The absence of taint analysis findings and the presence of nonce and capability checks are also reassuring signals.

However, the vulnerability history is a significant concern. The plugin has a documented history of 3 medium severity vulnerabilities, including Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS). The last vulnerability was recorded on February 10, 2023, and although there are currently no unpatched vulnerabilities, this pattern suggests a recurring tendency for security flaws to emerge. The presence of bundled libraries, specifically Select2, also warrants attention, as outdated versions of bundled libraries can introduce vulnerabilities if not managed properly.

Overall, while the current version shows improvements in secure coding practices like authentication and escaping, the past vulnerability trend necessitates caution. The potential for XSS and CSRF, even if currently addressed, indicates areas that require ongoing vigilance. The plugin's strengths lie in its secure handling of AJAX and SQL, but its weakness is highlighted by its historical susceptibility to common web attack vectors.

Key Concerns

  • Past medium severity vulnerabilities (3 total)
  • Bundled library (Select2) potentially outdated
  • Some outputs not properly escaped (27%)
Vulnerabilities
3

Under Construction Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
2 CVEs in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2023-0831medium · 4.3Cross-Site Request Forgery (CSRF)

Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice

Feb 10, 2023 Patched in 3.97 (433d)
CVE-2023-0832medium · 4.3Cross-Site Request Forgery (CSRF)

Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot

Feb 10, 2023 Patched in 3.97 (347d)
WF-d5df75f8-1250-4b79-a796-9146d3037bec-under-construction-pagemedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Under Construction <= 3.85 - Authenticated Stored Cross-Site Scripting

Jan 20, 2021 Patched in 3.86 (1098d)
Code Analysis
Analyzed Mar 16, 2026

Under Construction Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
74
201 escaped
Nonce Checks
9
Capability Checks
7
File Operations
0
External Requests
4
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

73% escaped275 total outputs
Attack Surface

Under Construction Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_ucp_dismiss_pointerunder-construction.php:107
authwp_ajax_ucp_dismiss_surveyunder-construction.php:108
authwp_ajax_ucp_submit_surveyunder-construction.php:109
authwp_ajax_ucp_submit_support_messageunder-construction.php:110
WordPress Hooks 31
actionadmin_menuunder-construction.php:81
actionadmin_initunder-construction.php:84
filterplugin_row_metaunder-construction.php:91
filteradmin_footer_textunder-construction.php:92
filteradmin_footerunder-construction.php:93
actionadmin_noticesunder-construction.php:96
actionadmin_action_ucp_dismiss_noticeunder-construction.php:97
actionadmin_action_ucp_change_statusunder-construction.php:98
actionadmin_action_ucp_reset_settingsunder-construction.php:99
actionadmin_action_install_weglotunder-construction.php:100
actionadmin_action_install_wpfsslunder-construction.php:101
actionadmin_enqueue_scriptsunder-construction.php:104
actionwpunder-construction.php:113
filterlogin_messageunder-construction.php:116
actiondo_feed_rdfunder-construction.php:119
actiondo_feed_rssunder-construction.php:120
actiondo_feed_rss2under-construction.php:121
actiondo_feed_atomunder-construction.php:122
actionwp_footerunder-construction.php:124
actionwp_before_admin_bar_renderunder-construction.php:128
actionwp_headunder-construction.php:129
actionadmin_headunder-construction.php:130
actionadmin_noticesunder-construction.php:140
filtersafe_style_cssunder-construction.php:2588
filtersafe_style_cssunder-construction.php:2890
actioninitunder-construction.php:3043
actionplugins_loadedunder-construction.php:3044
actionadmin_initwf-flyout\wf-flyout.php:26
actionadmin_enqueue_scriptswf-flyout\wf-flyout.php:72
actionadmin_headwf-flyout\wf-flyout.php:73
actionadmin_footerwf-flyout\wf-flyout.php:74
Maintenance & Trust

Under Construction Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version5.2
Downloads12.7M

Community Trust

Rating96/100
Number of ratings1,284
Active installs600K
Alternatives

Under Construction Alternatives

Siteready Coming Soon Under Construction

Siteready Coming Soon Under Construction

siteready-coming-soon-under-construction

A
100

Create stunning Coming Soon or Maintenance pages fast! Hide your site, add countdowns & forms, and keep SEO intact while you prepare to launch.

2K No CVEs
Super Easy Maintenance Mode – Coming Soon & Under Construction

Super Easy Maintenance Mode – Coming Soon & Under Construction

super-easy-maintenance-mode

A
100

Enable coming soon page, maintenance mode, under construction page in just one click toggle.

300 No CVEs
Perfect Coming Soon Page

Perfect Coming Soon Page

perfect-coming-soon-page

A
85

Perfect Coming Soon page enables you to use a light weighted plugin for multiple needs of coming soon,underconstruction or offline mode.

200 No CVEs
Web en construccion IndianWebs

Web en construccion IndianWebs

web-en-construccion-indianwebs

A
85

Pon un mensaje de web en construcción en tu sitio web.

100 No CVEs
Simple Custom Coming Soon/Maintenance Mode

Simple Custom Coming Soon/Maintenance Mode

simple-custom-coming-soonmaintenance-mode

A
100

A customizable Coming Soon/Maintenance Mode plugin for WordPress that lets you display a professional coming soon or under-construction page—with coun &hellip;

20 No CVEs
Developer Profile

Under Construction Developer Profile

WebFactory

28 plugins · 3.5M total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
699 days
View full developer profile
Detection Fingerprints

How We Detect Under Construction

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/under-construction-page/assets/css/backend/style.css/wp-content/plugins/under-construction-page/assets/css/frontend/style.css/wp-content/plugins/under-construction-page/assets/js/backend/script.js/wp-content/plugins/under-construction-page/assets/js/frontend/script.js/wp-content/plugins/under-construction-page/assets/js/backend/license-manager.js/wp-content/plugins/under-construction-page/assets/js/backend/admin-menu.js/wp-content/plugins/under-construction-page/assets/js/frontend/plugins-loader.js/wp-content/plugins/under-construction-page/assets/js/frontend/plugins/weglot.js+2 more
Script Paths
/wp-content/plugins/under-construction-page/assets/js/backend/script.js/wp-content/plugins/under-construction-page/assets/js/frontend/script.js/wp-content/plugins/under-construction-page/assets/js/backend/license-manager.js/wp-content/plugins/under-construction-page/assets/js/backend/admin-menu.js/wp-content/plugins/under-construction-page/assets/js/frontend/plugins-loader.js/wp-content/plugins/under-construction-page/assets/js/frontend/plugins/weglot.js+2 more
Version Parameters
under-construction-page/assets/css/backend/style.css?ver=under-construction-page/assets/css/frontend/style.css?ver=under-construction-page/assets/js/backend/script.js?ver=under-construction-page/assets/js/frontend/script.js?ver=under-construction-page/assets/js/backend/license-manager.js?ver=under-construction-page/assets/js/backend/admin-menu.js?ver=under-construction-page/assets/js/frontend/plugins-loader.js?ver=under-construction-page/assets/js/frontend/plugins/weglot.js?ver=under-construction-page/assets/js/frontend/plugins/wp-fssl.js?ver=under-construction-page/assets/js/frontend/helpers.js?ver=

HTML / DOM Fingerprints

CSS Classes
ucp-settings-pageucp-backenducp-frontenducp-admin-bar-noticeucp-login-messageucp-notice-content
HTML Comments
<!-- UCP Footer Note --><!-- UCP Admin Bar -->
Data Attributes
data-ucp-settingdata-ucp-toggledata-ucp-noncedata-ucp-action
JS Globals
ucp_ajax_objectUCP_L10NUCP_ajax_nonceucp_admin_options
REST Endpoints
/wp-json/ucp/v1/settings/wp-json/ucp/v1/status/wp-json/ucp/v1/reset
FAQ

Frequently Asked Questions about Under Construction