WP Custom Admin Interface Security & Risk Analysis

wordpress.org/plugins/wp-custom-admin-interface

With WP Custom Admin Interface you can easily customise the WordPress admin and login interfaces.

30K active installs · v7.43 · PHP + WP 3.0.1+ · Updated Feb 10, 2026
Tags: admin, customize, interface, menu, menu-editor
Score: 92 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Jan 25, 2026
Safety Verdict

Is WP Custom Admin Interface Safe to Use in 2026?

Generally Safe

Score 92/100

WP Custom Admin Interface has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Jan 25, 2026 · Updated 1mo ago
Risk Assessment

The "wp-custom-admin-interface" plugin v7.43 presents a mixed security posture. While it demonstrates good practices in its handling of SQL queries through prepared statements and a moderate number of capability checks, significant concerns remain. The presence of a single AJAX handler without authentication checks creates a direct entry point for potential unauthorized actions. Furthermore, the use of the `unserialize` function, a known vector for deserialization vulnerabilities, without clear sanitization indicators in the static analysis, poses a substantial risk. This is amplified by the plugin's history, which includes six known CVEs, with a high-severity vulnerability and five medium-severity ones, pointing towards recurring security weaknesses such as missing authorization and authentication. The recent vulnerability in 2026, although currently unpatched, also indicates a history of undiscovered or recently disclosed issues.

Despite the absence of critical taint flows and a relatively small attack surface overall, the identified vulnerabilities and the pattern of past issues suggest a need for caution. The combination of an unprotected AJAX endpoint and the potential for deserialization attacks, coupled with a history of significant security flaws, indicates that this plugin requires vigilant monitoring and prompt patching of any newly discovered vulnerabilities. Users should be aware of the potential risks associated with these aspects of the plugin's implementation.

Key Concerns

  • AJAX handler without auth checks
  • Dangerous function: unserialize
  • High severity CVE historically
  • Medium severity CVEs historically (x5)
  • Missing nonce checks on AJAX (implied by unauth AJAX)
  • Vulnerability in 2026 (unpatched implies risk)
Vulnerabilities
6

WP Custom Admin Interface Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 3 CVEs
  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 5

6 total CVEs

CVE-2026-25011 · medium · 4.3 · Missing Authorization
Custom Admin Interface <= 7.41 - Missing Authorization
Jan 25, 2026 · Patched in 7.42 (9d)

CVE-2025-63038 · medium · 4.3 · Missing Authorization
Custom Admin Interface <= 7.40 - Missing Authorization
Dec 31, 2025 · Patched in 7.41 (9d)

CVE-2023-47763 · medium · 4.3 · Missing Authorization
WP Custom Admin Interface <= 7.31 - Missing Authorization via wpcai_pro_notice_disable
Nov 13, 2023 · Patched in 7.32 (71d)

CVE-2023-44988 · medium · 4.3 · Missing Authentication for Critical Function
WP Custom Admin Interface <= 7.32 - Missing Authorization to Transients Deletion
Sep 29, 2023 · Patched in 7.33 (116d)

WF-a5bc6097-d6ed-4598-b3c8-9159d5ce04ee-wp-custom-admin-interface · medium · 4.3 · Cross-Site Request Forgery (CSRF)
WP Custom Admin Interface <= 7.32 - Cross-Site Request Forgery to Transients Deletion
Sep 29, 2023 · Patched in 7.33 (116d)

CVE-2022-4043 · high · 7.2 · Deserialization of Untrusted Data
WP Custom Admin Interface <= 7.28 - Authenticated (Administrator+) PHP Object Injection
Dec 13, 2022 · Patched in 7.29 (406d)

Code Analysis
Analyzed Mar 16, 2026

WP Custom Admin Interface Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (6 prepared)
  • Unescaped Output: 71 (76 escaped)
  • Nonce Checks: 6
  • Capability Checks: 9
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • `unserialize` at inc\nbw.php:174: `$returned_object = unserialize(wp_remote_retrieve_body($response), array('allowed_classes' => false)`
  • `unserialize` at wp-custom-admin-interface.php:785: `$extractedSettings = unserialize($settings, array('allowed_classes' => false));`
  • `unserialize` at wp-custom-admin-interface.php:787: `$extractedSettings = unserialize(base64_decode($settings), array('allowed_classes' => false));`

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

52% escaped · 147 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wp_custom_admin_interface_import_settings (wp-custom-admin-interface.php:769)
Attack Surface
1 unprotected

WP Custom Admin Interface Attack Surface

Entry Points: 8
Unprotected: 1

AJAX Handlers: 8

  • auth · wp_ajax_import_settings · wp-custom-admin-interface.php:805
  • auth · wp_ajax_export_settings · wp-custom-admin-interface.php:849
  • auth · wp_ajax_delete_transients · wp-custom-admin-interface.php:1739
  • auth · wp_ajax_delete_settings · wp-custom-admin-interface.php:2297
  • auth · wp_ajax_dismiss_message · wp-custom-admin-interface.php:2468
  • auth · wp_ajax_delete_dismiss_transients · wp-custom-admin-interface.php:2487
  • auth · wp_ajax_wpcai_welcome_notice · wp-custom-admin-interface.php:2556
  • auth · wp_ajax_wpcai_pro_notice · wp-custom-admin-interface.php:2575

WordPress Hooks: 38

  • action · admin_menu · wp-custom-admin-interface.php:26
  • action · admin_init · wp-custom-admin-interface.php:27
  • filter · plugin_row_meta · wp-custom-admin-interface.php:233
  • action · admin_enqueue_scripts · wp-custom-admin-interface.php:467
  • filter · admin_footer_text · wp-custom-admin-interface.php:517
  • filter · show_admin_bar · wp-custom-admin-interface.php:528
  • filter · use_block_editor_for_post · wp-custom-admin-interface.php:546
  • filter · use_block_editor_for_post_type · wp-custom-admin-interface.php:548
  • action · admin_init · wp-custom-admin-interface.php:552
  • action · login_enqueue_scripts · wp-custom-admin-interface.php:601
  • filter · login_head · wp-custom-admin-interface.php:629
  • action · admin_head · wp-custom-admin-interface.php:718
  • action · admin_enqueue_scripts · wp-custom-admin-interface.php:748
  • action · admin_menu · wp-custom-admin-interface.php:762
  • action · wp_loaded · wp-custom-admin-interface.php:947
  • action · wp_dashboard_setup · wp-custom-admin-interface.php:1059
  • action · admin_init · wp-custom-admin-interface.php:1087
  • action · login_head · wp-custom-admin-interface.php:1107
  • action · admin_head · wp-custom-admin-interface.php:1108
  • action · wp_head · wp-custom-admin-interface.php:1113
  • action · admin_init · wp-custom-admin-interface.php:1147
  • action · admin_enqueue_scripts · wp-custom-admin-interface.php:1459
  • filter · get_user_option_admin_color · wp-custom-admin-interface.php:1478
  • filter · automatic_updater_disabled · wp-custom-admin-interface.php:1490
  • filter · site_transient_update_plugins · wp-custom-admin-interface.php:1506
  • action · admin_menu · wp-custom-admin-interface.php:1679
  • action · parse_request · wp-custom-admin-interface.php:1704
  • filter · query_vars · wp-custom-admin-interface.php:1715
  • action · plugins_loaded · wp-custom-admin-interface.php:1746
  • action · pre_current_active_plugins · wp-custom-admin-interface.php:1789
  • action · pre_user_query · wp-custom-admin-interface.php:1965
  • action · admin_init · wp-custom-admin-interface.php:2004
  • action · admin_bar_menu · wp-custom-admin-interface.php:2163
  • filter · login_headerurl · wp-custom-admin-interface.php:2261
  • action · wp_enqueue_scripts · wp-custom-admin-interface.php:2331
  • action · admin_head · wp-custom-admin-interface.php:2371
  • action · admin_notices · wp-custom-admin-interface.php:2439
  • action · admin_print_scripts · wp-custom-admin-interface.php:2540

Maintenance & Trust

WP Custom Admin Interface Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 10, 2026
PHP min version
Downloads: 555K

Community Trust

Rating: 94/100
Number of ratings: 160
Active installs: 30K
Developer Profile

WP Custom Admin Interface Developer Profile

Northern Beaches Websites

6 plugins · 50K total installs

Trust score: 82
Avg Security Score: 92/100
Avg Patch Time: 72 days
Detection Fingerprints

How We Detect WP Custom Admin Interface

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-custom-admin-interface/js/wp-custom-admin-interface-admin.js
  • /wp-content/plugins/wp-custom-admin-interface/css/wp-custom-admin-interface-admin.css
  • /wp-content/plugins/wp-custom-admin-interface/css/wp-custom-admin-interface-admin-colors.css
  • /wp-content/plugins/wp-custom-admin-interface/js/wp-custom-admin-interface-frontend.js
  • /wp-content/plugins/wp-custom-admin-interface/css/wp-custom-admin-interface-frontend.css
  • /wp-content/plugins/wp-custom-admin-interface/css/wp-custom-admin-interface-login.css
  • /wp-content/plugins/wp-custom-admin-interface/css/wp-custom-admin-interface-login-colors.css
Script Paths
  • /wp-content/plugins/wp-custom-admin-interface/js/wp-custom-admin-interface-admin.js
  • /wp-content/plugins/wp-custom-admin-interface/js/wp-custom-admin-interface-frontend.js
Version Parameters
  • wp-custom-admin-interface/js/wp-custom-admin-interface-admin.js?ver=
  • wp-custom-admin-interface/css/wp-custom-admin-interface-admin.css?ver=
  • wp-custom-admin-interface/css/wp-custom-admin-interface-admin-colors.css?ver=
  • wp-custom-admin-interface/js/wp-custom-admin-interface-frontend.js?ver=
  • wp-custom-admin-interface/css/wp-custom-admin-interface-frontend.css?ver=
  • wp-custom-admin-interface/css/wp-custom-admin-interface-login.css?ver=
  • wp-custom-admin-interface/css/wp-custom-admin-interface-login-colors.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-custom-admin-interface-frontend-page
HTML Comments
  • WP Custom Admin Interface - Custom Code Section Start
  • WP Custom Admin Interface - Custom Code Section End
  • WP Custom Admin Interface - Custom Code Frontend Section Start
  • WP Custom Admin Interface - Custom Code Frontend Section End
  • +24 more
Data Attributes
data-wp-custom-admin-interface-nonce
JS Globals
wp_custom_admin_interface_admin