Does WP Maintenance-vek have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Maintenance-vek have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Maintenance-vek compatible with WordPress 4.2.39?

According to WordPress.org data, WP Maintenance-vek 0.2 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is WP Maintenance-vek updated?

WP Maintenance-vek was last updated on Dec 9, 2015. Frequent updates are generally a positive security signal.

What is WP Maintenance-vek's security score?

WP Maintenance-vek has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Maintenance-vek Security & Risk Analysis

wordpress.org/plugins/wp-maintenance-vek

Activate the plugin WP Maintenance-vek when your site is under repair

10 active installs v0.2 PHP + WP 4.1.1+ Updated Dec 9, 2015

administrationcountdown-timercustomize-pageloginmaintenance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Maintenance-vek Safe to Use in 2026?

Generally Safe

Score 85/100

WP Maintenance-vek has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "wp-maintenance-vek" plugin v0.2 presents a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs. Furthermore, the static analysis indicates that all identified entry points (AJAX handlers) are protected by nonce and capability checks, which is a strong indicator of good security practice for user-facing functionality. The absence of REST API routes, shortcodes, and cron events further limits the potential attack surface.

However, the code analysis does reveal some areas of concern. The presence of the `create_function` is a significant red flag, as it can be a vector for code injection if used with unsanitized input. While the taint analysis showed no critical or high severity flows, the single flow with an unsanitized path is concerning, especially in conjunction with the low percentage of properly escaped outputs. This suggests a potential for cross-site scripting (XSS) vulnerabilities if data flowing through that unsanitized path is later rendered without proper encoding. The moderate use of prepared statements for SQL queries is acceptable but could be improved.

Overall, while the plugin benefits from a lack of past vulnerabilities and a seemingly secure approach to its public interfaces, the identified code quality issues, particularly `create_function` and unsanitized paths combined with poor output escaping, introduce a non-negligible risk. It's crucial to address these specific code concerns to solidify its security.

Key Concerns

Use of dangerous function: create_function
Flow with unsanitized path
Low percentage of properly escaped outputs
SQL queries not using prepared statements

Vulnerabilities

None known

WP Maintenance-vek Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP Maintenance-vek Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

28 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_filter('wp_mail_content_type', create_function('', 'return "text/html";'));Wp_Maintenance_vek.php:307

SQL Query Safety

55% prepared11 total queries

Output Escaping

34% escaped82 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths

<home> (includes\home.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Maintenance-vek Attack Surface

Entry Points10

Unprotected0

AJAX Handlers 10

authwp_ajax_Wp_save_updateWp_Maintenance_vek.php:30

authwp_ajax_Wp_default_resetWp_Maintenance_vek.php:31

authwp_ajax_Wp_subscriber_email_csvWp_Maintenance_vek.php:32

authwp_ajax_Wp_subscriber_email_csv_delWp_Maintenance_vek.php:33

authwp_ajax_loginWp_Maintenance_vek.php:40

noprivwp_ajax_loginWp_Maintenance_vek.php:41

authwp_ajax_mail_formWp_Maintenance_vek.php:43

noprivwp_ajax_mail_formWp_Maintenance_vek.php:44

authwp_ajax_subscriber_emailWp_Maintenance_vek.php:46

noprivwp_ajax_subscriber_emailWp_Maintenance_vek.php:47

WordPress Hooks 6

actionplugins_loadedWp_Maintenance_vek.php:25

actionplugins_loadedWp_Maintenance_vek.php:26

actionadmin_menuWp_Maintenance_vek.php:27

actionplugins_loadedWp_Maintenance_vek.php:37

actionplugins_loadedWp_Maintenance_vek.php:38

filterwp_mail_content_typeWp_Maintenance_vek.php:307

Maintenance & Trust

WP Maintenance-vek Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedDec 9, 2015

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Maintenance-vek Alternatives

WS Force Login Page

ws-force-login-page

Redirecting user to login page if not logged in, working also with domains what includes umlaut letters like ö, ä, õ, ü

400 1 CVE

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

wp-maintenance-mode

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

500K 6 CVEs

Remove Dashboard Access

remove-dashboard-access-for-non-admins

Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. Get set up in seconds.

30K No CVEs

XO Security

xo-security

100

XO Security is a plugin to enhance login related security.

30K 1 CVE

Coming Soon & Maintenance Mode by Colorlib

colorlib-coming-soon-maintenance

Create a coming soon page or maintenance mode screen with 15 responsive templates, countdown timer, MailChimp subscribe form, and social media links.

7K 2 CVEs

Developer Profile

WP Maintenance-vek Developer Profile

veks

3 plugins · 10K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Maintenance-vek

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-maintenance-vek/assets/css/bootstrap.min.css/wp-content/plugins/wp-maintenance-vek/assets/css/font-awesome.css/wp-content/plugins/wp-maintenance-vek/assets/css/datetimepicker-master/jquery.datetimepicker.css/wp-content/plugins/wp-maintenance-vek/assets/css/admin/style-admin.css/wp-content/plugins/wp-maintenance-vek/assets/js/bootstrap.min.js/wp-content/plugins/wp-maintenance-vek/assets/js/jquery.noty/jquery.noty.packaged.js/wp-content/plugins/wp-maintenance-vek/assets/js/datetimepicker-master/jquery.datetimepicker.js/wp-content/plugins/wp-maintenance-vek/assets/js/save.js

Version Parameters

wp-maintenance-vek/assets/css/bootstrap.min.css?ver=wp-maintenance-vek/assets/css/font-awesome.css?ver=wp-maintenance-vek/assets/css/datetimepicker-master/jquery.datetimepicker.css?ver=wp-maintenance-vek/assets/css/admin/style-admin.css?ver=wp-maintenance-vek/assets/js/bootstrap.min.js?ver=wp-maintenance-vek/assets/js/jquery.noty/jquery.noty.packaged.js?ver=wp-maintenance-vek/assets/js/datetimepicker-master/jquery.datetimepicker.js?ver=wp-maintenance-vek/assets/js/save.js?ver=

HTML / DOM Fingerprints

HTML Comments

+2 more

Data Attributes

data-target=#loginModaldata-dismiss=modaldata-toggle=modaldata-target=#subscriberModal

JS Globals

admin_save

REST Endpoints

/wp-json/wp-maintenance-vek/v1/login/wp-json/wp-maintenance-vek/v1/mail_form/wp-json/wp-maintenance-vek/v1/subscriber_email

FAQ