Does WebDesk Approval Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in WebDesk Approval Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WebDesk Approval Manager compatible with WordPress 6.8.5?

According to WordPress.org data, WebDesk Approval Manager 1.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WebDesk Approval Manager compatible with PHP 7.4+?

WebDesk Approval Manager requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WebDesk Approval Manager updated?

WebDesk Approval Manager was last updated on Jul 31, 2025. Frequent updates are generally a positive security signal.

What is WebDesk Approval Manager's security score?

WebDesk Approval Manager has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WebDesk Approval Manager Security & Risk Analysis

wordpress.org/plugins/webdesk-approval-manager

A WordPress plugin for managing customer approval workflows, dynamic frontend forms, and customer approval/rejection with email notifications.

0 active installs v1.0.1 PHP 7.4+ WP 6.0+ Updated Jul 31, 2025

custom-registration-formemail-notificationsuser-approvaluser-managementuser-registration

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WebDesk Approval Manager Safe to Use in 2026?

Generally Safe

Score 100/100

WebDesk Approval Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The webdesk-approval-manager plugin exhibits a generally good security posture with strong adherence to output escaping and a low number of dangerous functions. The extensive use of prepared statements for SQL queries is a significant positive indicator. However, there are critical security concerns arising from the static analysis. The presence of two REST API routes without permission callbacks represents a direct and significant attack vector that could allow unauthorized access or manipulation of plugin functionality. Furthermore, the taint analysis revealed two high-severity flows with unsanitized paths, indicating potential for malicious data to be processed without proper validation, which could lead to injection vulnerabilities.

While the plugin has no recorded historical vulnerabilities, this does not negate the current risks identified in the code. The absence of past issues might be attributed to its limited functionality or a lack of targeted analysis. The identified unprotected entry points and high-severity taint flows are present risks that need immediate attention. The plugin strengths lie in its output escaping and SQL handling, but these are overshadowed by the critical vulnerabilities found in the REST API and taint analysis. Addressing these specific weaknesses is paramount to improving the overall security of the plugin.

Key Concerns

REST API routes without permission callbacks
High severity taint flows with unsanitized paths
Unprotected AJAX handlers

Vulnerabilities

None known

WebDesk Approval Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WebDesk Approval Manager Code Analysis

Dangerous Functions

Raw SQL Queries

16 prepared

Unescaped Output

178 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

64% prepared25 total queries

Output Escaping

99% escaped180 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

7 flows3 with unsanitized paths

webdesk_approval_email (includes\email.php:7)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

WebDesk Approval Manager Attack Surface

Entry Points7

Unprotected2

AJAX Handlers 3

noprivwp_ajax_approveuserincludes\functions.php:107

authwp_ajax_approveuserincludes\functions.php:108

authwp_ajax_group_usage_actionincludes\functions.php:218

REST API Routes 2

POST/wp-json/ca_api/v1/registerapi\api.php:8

POST/wp-json/ca_api/v1/loginapi\api.php:17

Shortcodes 2

[webdesk_approval_registration_form] includes\shortcode.php:129

[webdesk_approval_login_form] includes\shortcode.php:166

WordPress Hooks 17

actionrest_api_initapi\api.php:28

actionshow_user_profileapi\api.php:231

actionedit_user_profileapi\api.php:232

actionadmin_enqueue_scriptsincludes\functions.php:71

actionwp_enqueue_scriptsincludes\functions.php:77

actionadmin_enqueue_scriptsincludes\functions.php:105

actionadmin_enqueue_scriptsincludes\functions.php:326

actionwp_enqueue_scriptsincludes\functions.php:602

actionadmin_enqueue_scriptsincludes\functions.php:612

filtertiny_mce_before_initincludes\functions.php:621

filtercontent_save_preincludes\functions.php:636

actioncurrent_screenincludes\functions.php:713

actionwp_enqueue_scriptsincludes\shortcode.php:229

actionwp_enqueue_scriptsincludes\shortcode.php:298

actionadmin_menuwebdesk-approval-manager.php:50

actionadmin_enqueue_scriptswebdesk-approval-manager.php:63

actionadmin_initwebdesk-approval-manager.php:310

Maintenance & Trust

WebDesk Approval Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 31, 2025

PHP min version7.4

Downloads339

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

WebDesk Approval Manager Alternatives

New User Approve

new-user-approve

WordPress user approval plugin to moderate registrations. Approve or deny real users and prevent fake signups to control who registers on site.

20K 8 CVEs

User Management

user-management

User Import Export plugin allows you to export and import WordPress Users and Roles.

60 1 unpatched

Disable Email Notifications in WordPress 4.x for new user registration

disable-email-notifications-for-new-user-registration

This plugin disables the admin notifications that are sent to admin when a new user registers on the site.

30 No CVEs

User Approval Manager

user-approval-manager

100

Requires administrator approval before new users can log in. Sends email notifications to admins and users during the approval process.

20 No CVEs

Subscription System

subscription-system

100

A powerful subscription management system for WordPress that allows users to register and login through customizable forms.

0 No CVEs

Developer Profile

WebDesk Approval Manager Developer Profile

WebDesk Solution

2 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WebDesk Approval Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/webdesk-approval-manager/css/admin.css/wp-content/plugins/webdesk-approval-manager/js/admin.js

Script Paths

/wp-content/plugins/webdesk-approval-manager/js/admin.js

Version Parameters

webdesk-approval-manager/css/admin.css?ver=webdesk-approval-manager/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

dash_containerca_card

JS Globals

webdesk_approval_ajax_object

REST Endpoints

/wp-json/webdesk-approval-manager/v1/get-customers/wp-json/webdesk-approval-manager/v1/update-customer-status/wp-json/webdesk-approval-manager/v1/settings/wp-json/webdesk-approval-manager/v1/email-settings/wp-json/webdesk-approval-manager/v1/form-settings/wp-json/webdesk-approval-manager/v1/customer-groups

FAQ