View Admin As Security & Risk Analysis

wordpress.org/plugins/view-admin-as

View the WordPress admin as a different role or visitor, switch between users, temporarily change your capabilities, set screen settings for roles.

9K active installs v1.8.10 PHP 5.2.4+ WP 4.1+ Updated Nov 23, 2024
Tags: admin, roles, switch, users, view
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is View Admin As Safe to Use in 2026?

Generally Safe

Score 92/100

View Admin As has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "view-admin-as" plugin v1.8.10 exhibits a generally good security posture, with a strong emphasis on secure coding practices like prepared SQL statements and proper output escaping. The absence of any historical vulnerabilities or recorded CVEs further reinforces this positive outlook, suggesting a history of diligent security awareness and maintenance. The plugin's static analysis also reveals a low number of entry points and no critical or high severity taint flows, which are excellent indicators of a well-secured codebase.

However, there is a notable area of concern: one AJAX handler lacks authentication checks. This represents a potential attack vector, as it could be exploited by unauthenticated users if the functionality exposed through this handler is sensitive. While the overall attack surface is small and other entry points appear to be secured, this single unprotected AJAX handler is a significant weakness that warrants attention. Despite this, the plugin's strengths in SQL handling, output escaping, and its clean vulnerability history point towards a fundamentally sound and low-risk plugin, provided this single access control issue is addressed.

Key Concerns

  • AJAX handler without auth checks
Vulnerabilities
None known

View Admin As Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

View Admin As Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 2 (55 escaped)
Nonce Checks: 1
Capability Checks: 8
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

96% escaped · 57 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
remove_query_args (ui\class-ui.php:218)
Attack Surface
1 unprotected

View Admin As Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_view_admin_as includes\class-controller.php:102

Shortcodes 2

[groups_member] modules\class-groups.php:162
[groups_non_member] modules\class-groups.php:163
WordPress Hooks 102
action vaa_view_admin_as_init includes\class-compat.php:56
filter members_get_capabilities includes\class-compat.php:69
action members_register_cap_groups includes\class-compat.php:70
filter ure_capabilities_groups_tree includes\class-compat.php:76
filter ure_custom_capability_groups includes\class-compat.php:77
filter view_admin_as_get_capabilities includes\class-compat.php:83
filter wauc_admin_bar_menu_add_nodes includes\class-compat.php:90
filter wauc_admin_bar_filter_load includes\class-compat.php:91
filter wauc_admin_bar_menu_widget_no_submenu includes\class-compat.php:92
filter wauc_admin_bar_menu_widget_title_readonly_vaa includes\class-compat.php:93
filter wauc_admin_bar_menu_widget_disable_target_vaa includes\class-compat.php:94
filter pods_is_admin includes\class-compat.php:110
action wp_login includes\class-controller.php:55
action wp_login includes\class-controller.php:56
action wp_logout includes\class-controller.php:57
filter view_admin_as_handle_ajax_reset includes\class-controller.php:87
filter view_admin_as_validate_view_data_visitor includes\class-controller.php:90
filter view_admin_as_update_view_visitor includes\class-controller.php:91
filter vaa_view_admin_as_view_titles includes\class-controller.php:92
filter view_admin_as_validate_view_data_setting includes\class-settings.php:236
filter view_admin_as_validate_view_data_user_setting includes\class-settings.php:237
filter view_admin_as_handle_ajax_setting includes\class-settings.php:239
filter view_admin_as_handle_ajax_user_setting includes\class-settings.php:240
filter view_admin_as_update_global_settings includes\class-type.php:122
action vaa_view_admin_as_pre_init includes\class-type.php:145
action init includes\class-type.php:150
action vaa_admin_bar_menu includes\class-type.php:236
action vaa_view_admin_as_do_view includes\class-type.php:241
filter vaa_view_admin_as_view_titles includes\class-type.php:243
action init includes\class-vaa.php:151
action admin_notices includes\class-vaa.php:154
action plugins_loaded includes\class-vaa.php:163
action after_setup_theme includes\class-view.php:134
action vaa_view_admin_as_do_view includes\class-view.php:152
action switch_blog includes\class-view.php:159
filter update_user_metadata includes\class-view.php:165
filter get_user_metadata includes\class-view.php:171
filter user_has_cap includes\class-view.php:190
filter map_meta_cap includes\class-view.php:198
filter view_admin_as_user_has_cap_priority modules\class-caps.php:91
action vaa_view_admin_as_modify_user modules\class-caps.php:92
filter members_get_capabilities modules\class-groups.php:102
action vaa_view_admin_as_do_view modules\class-groups.php:120
action vaa_view_admin_as_modify_user modules\class-groups.php:147
filter groups_post_access_user_can_read_post modules\class-groups.php:150
action wp modules\class-groups.php:157
filter groups_group_can modules\class-groups.php:171
filter groups_user_can modules\class-groups.php:172
filter locale modules\class-languages.php:98
action after_setup_theme modules\class-languages.php:99
filter view_admin_as_freeze_locale modules\class-languages.php:102
action init modules\class-restrict-user-access.php:136
action vaa_admin_bar_roles_after modules\class-restrict-user-access.php:162
action vaa_view_admin_as_do_view modules\class-restrict-user-access.php:165
action vaa_view_admin_as_modify_user modules\class-restrict-user-access.php:194
filter get_user_metadata modules\class-restrict-user-access.php:197
filter rua/user/global-access modules\class-restrict-user-access.php:202
filter view_admin_as_add_capabilities modules\class-role-defaults.php:120
action vaa_view_admin_as_init modules\class-role-defaults.php:143
action add_user_to_blog modules\class-role-defaults.php:197
action user_register modules\class-role-defaults.php:199
filter screen_options_show_screen modules\class-role-defaults.php:205
action admin_print_footer_scripts modules\class-role-defaults.php:215
action vaa_admin_bar_modules modules\class-role-defaults.php:233
action vaa_admin_bar_menu modules\class-role-defaults.php:243
filter get_user_metadata modules\class-role-defaults.php:643
filter update_user_metadata modules\class-role-defaults.php:644
filter vaa_admin_bar_title modules\class-role-defaults.php:645
action vaa_view_admin_as_init modules\class-role-manager.php:105
action vaa_admin_bar_modules modules\class-role-manager.php:159
action vaa_admin_bar_menu modules\class-role-manager.php:166
action vaa_admin_bar_caps_manager_before modules\class-role-manager.php:167
filter view_admin_as_get_capabilities modules\class-role-manager.php:171
action vaa_view_admin_as_modify_user modules\class-roles.php:101
action vaa_admin_bar_settings_after modules\class-users.php:93
filter user_row_actions modules\class-users.php:109
action vaa_view_admin_as_pre_init modules\class-users.php:114
filter get_user_metadata modules\class-users.php:902
action vaa_view_admin_as_init ui\class-admin-bar.php:65
action admin_bar_menu ui\class-admin-bar.php:97
action vaa_toolbar_menu ui\class-admin-bar.php:98
action vaa_admin_bar_menu ui\class-admin-bar.php:101
action vaa_admin_bar_menu ui\class-admin-bar.php:102
action vaa_admin_bar_settings_after ui\class-admin-bar.php:103
action vaa_admin_bar_settings_after ui\class-admin-bar.php:104
action vaa_admin_bar_menu ui\class-admin-bar.php:110
action vaa_admin_bar_roles_after ui\class-admin-bar.php:115
action vaa_admin_bar_users_before ui\class-admin-bar.php:116
action vaa_admin_bar_menu ui\class-admin-bar.php:118
action vaa_view_admin_as_init ui\class-toolbar.php:70
action wp_loaded ui\class-toolbar.php:83
action wp_footer ui\class-toolbar.php:114
action customize_controls_print_footer_scripts ui\class-toolbar.php:115
action wp_meta ui\class-ui.php:54
action plugin_row_meta ui\class-ui.php:55
filter removable_query_args ui\class-ui.php:56
action admin_enqueue_scripts ui\class-ui.php:58
action wp_enqueue_scripts ui\class-ui.php:59
action customize_controls_enqueue_scripts ui\class-ui.php:61
filter wp_die_handler ui\class-ui.php:63
action wp_head ui\class-ui.php:71
action admin_notices view-admin-as.php:116
Maintenance & Trust

View Admin As Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 23, 2024
PHP min version: 5.2.4
Downloads: 123K

Community Trust

Rating: 98/100
Number of ratings: 48
Active installs: 9K
Developer Profile

View Admin As Developer Profile

Jory Hogeveen

10 plugins · 112K total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 24 days
Detection Fingerprints

How We Detect View Admin As

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/view-admin-as/includes/css/vaa-admin-bar.css
  • /wp-content/plugins/view-admin-as/includes/css/vaa-admin.css
  • /wp-content/plugins/view-admin-as/includes/css/vaa-front.css
  • /wp-content/plugins/view-admin-as/includes/js/vaa-admin-bar.js
  • /wp-content/plugins/view-admin-as/includes/js/vaa-admin.js
  • /wp-content/plugins/view-admin-as/includes/js/vaa-front.js
  • /wp-content/plugins/view-admin-as/includes/js/vendors/jquery.auto-complete.min.js
Script Paths
/wp-content/plugins/view-admin-as/includes/js/vendors/jquery.auto-complete.min.js
Version Parameters
  • /wp-content/plugins/view-admin-as/includes/css/vaa-admin-bar.css?ver=
  • /wp-content/plugins/view-admin-as/includes/css/vaa-admin.css?ver=
  • /wp-content/plugins/view-admin-as/includes/css/vaa-front.css?ver=
  • /wp-content/plugins/view-admin-as/includes/js/vaa-admin-bar.js?ver=
  • /wp-content/plugins/view-admin-as/includes/js/vaa-admin.js?ver=
  • /wp-content/plugins/view-admin-as/includes/js/vaa-front.js?ver=
  • /wp-content/plugins/view-admin-as/includes/js/vendors/jquery.auto-complete.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • vaa-reset-view-link
  • vaa-user-switch-links
  • vaa-admin-bar-menu
  • vaa-admin-bar-item
  • vaa-admin-bar-item-view-as
  • vaa-admin-bar-item-reset-view
HTML Comments
  • <!-- Added must-use (mu-plugins) compatibility. -->
  • <!-- Begin View Admin As -->
Data Attributes
  • data-vaa-action
  • data-vaa-user-id
  • data-vaa-role
  • data-vaa-view-as
JS Globals
  • VAA
  • vaa_params
FAQ

Frequently Asked Questions about View Admin As